The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

is unlikely that any attempts based on guessing will be successful. How-

Download 5,76 Mb. Pdf ko'rish bet 408/875 Sana 01.01.2022 Hajmi 5,76 Mb. #293004

Bu sahifa navigatsiya:

• HACK STEPS (continued)

is unlikely that any attempts based on guessing will be successful. How- ever, if it is a relatively small number, try other numbers in close range, or random numbers with the same number of digits. 226 Chapter 8  ■ Attacking Access Controls 70779c08v6.5.qxd  9/14/07  3:18 PM  Page 226 HACK STEPS (continued) ■ If access controls are found to be broken, and resource identifiers are found to be predictable, you can mount an automated attack to harvest sensitive resources and information from the application. Use the tech- niques described in Chapter 13 to design a bespoke automated attack to retrieve the data you require. A catastrophic vulnerability of this kind occurs where an Account  Download 5,76 Mb. Do'stlaringiz bilan baham: