Finding SQL Injection Bugs
In the most obvious cases, a SQL injection flaw may be discovered and
conclusively verified by supplying a single item of unexpected input to the
application. In other cases, bugs may be extremely subtle and may be difficult to
distinguish from other categories of vulnerability or from benign anomalies
that do not present any security threat. Nevertheless, there are various steps
that you can carry out in an ordered way to reliably verify the majority of SQL
injection flaws.
NOTE
In your application mapping exercises (see Chapter 4), you should have
identified instances where the application appears to be accessing a back-end
database, and all of these need to be probed for SQL injection flaws. In fact,
absolutely any item of data submitted to the server may be passed to database