A common mistake made when probing an application for defects such
as SQL injection is to forget that certain characters have special meaning within
HTTP requests. If you wish to include these characters within your attack
payloads, then you must be careful to URL-encode them to ensure that they are
interpreted in the way you intend. In particular:
■ & and = are used to join together name/value pairs to create the query
  string and the block of POST data. You should encode them using %26 and
  %3d, respectively.
■ Literal spaces are not allowed in the query string, and if submitted will
  effectively terminate the entire string. You should encode them using +
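
As an added illustration (not part of the original text), the Python sketch below models how a server splits a request line and query string, and compares what it recovers from an unencoded value with what it recovers from the URL-encoded form. The path /search, the parameter name q, the sample value and the simplified server model are all assumptions made for the example.

```python
from urllib.parse import parse_qs, quote_plus

# Constructed test value containing the three characters discussed above.
SAMPLE = "x&y=z w"


def build_request_line(name, value, encode):
    """Build a GET request line, optionally URL-encoding the value.

    quote_plus() emits %26 for '&', %3D for '=' (hex case is not
    significant, so this is the same as %3d) and '+' for a space.
    """
    sent = quote_plus(value) if encode else value
    return f"GET /search?{name}={sent} HTTP/1.1"


def server_view(request_line):
    """Simplified server model (an assumption, not any specific server):
    the request target ends at the first space after the method, then the
    query string is split into name/value pairs on '&' and '='."""
    _method, rest = request_line.split(" ", 1)
    target = rest.split(" ", 1)[0]
    query = target.partition("?")[2]
    return parse_qs(query, keep_blank_values=True)


def compare(name, value):
    """Return (parameters seen without encoding, parameters seen with it)."""
    raw = server_view(build_request_line(name, value, encode=False))
    enc = server_view(build_request_line(name, value, encode=True))
    return raw, enc


if __name__ == "__main__":
    raw, enc = compare("q", SAMPLE)
    print("unencoded:", raw)  # value split into q and a stray y; ' w' lost
    print("encoded:  ", enc)  # q arrives intact
```

Without encoding, the value is cut at the space and the remaining & and = produce a second parameter, so the server never receives the string that was intended.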