The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	445/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 441 442 443 444 445 446 447 448 ... 875

Bog'liq
3794 1008 4334

%20

.

■■

Because

+

is used to encode spaces, if you wish to include an actual

+

in your string, you must encode it using

%2b

. In the previous numeric

example, therefore,

1+1

should be submitted as

1%2b1

■■

The semicolon is used to separate cookie fields, and should be

encoded using

%3b

.

These encodings are necessary whether you are editing the parameter’s value

directly from your browser, with an intercepting proxy, or through any other

means. If you fail to encode problem characters correctly, then you may

invalidate the entire request, or submit data that you did not intend to.

The steps described previously are normally sufficient to identify the major-

ity of SQL injection vulnerabilities, including many of those where no useful

results or error information is transmitted back to the browser. In some cases,

however, more advanced techniques may be necessary, such as the use of time

delays to confirm the presence of a vulnerability. We will describe these tech-

niques later in this chapter.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 441 442 443 444 445 446 447 448 ... 875