There are numerous subtle variations in the way different database
platforms handle string manipulation and numeric computation, which you may
need to take account of when performing advanced attacks of this kind. An
excellent guide to these differences covering many different databases can be
found here:

http://sqlzoo.net/howto/source/z.dir/i08fun.xml

In a variation on this situation, the authors have encountered cases in which
what is returned by the application is not an actual number, but some resource
for which that number is an identifier. The application performs a SQL query
based on user input, obtains a numeric identifier for a document, and then
returns the document’s contents to the user. In this situation, an attacker can
first obtain a copy of every document whose identifiers are within the relevant
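
The document lookup described above, shown from the defender's side as an added example that is not from the original text: the same lookup written with string concatenation and with a validated, bound parameter. SQLite, the table and function names, and the sample rows are all assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a reference number maps to a document id."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE doc_index (ref INTEGER PRIMARY KEY, doc_id INTEGER);
        CREATE TABLE documents (id INTEGER PRIMARY KEY, body TEXT);
        INSERT INTO doc_index VALUES (1, 101), (2, 102);
        INSERT INTO documents VALUES (101, 'press release'), (102, 'price list');
    """)
    return db

def _body(db, row):
    # Second step of the lookup: return the document the identifier points to.
    if row is None:
        return None
    doc = db.execute("SELECT body FROM documents WHERE id = ?", (row[0],)).fetchone()
    return doc[0] if doc else None

def fetch_document_concat(db, ref):
    # Weak form: the input becomes part of the SQL text, so the database
    # evaluates it as an expression instead of treating it as a value.
    row = db.execute("SELECT doc_id FROM doc_index WHERE ref = " + ref).fetchone()
    return _body(db, row)

def fetch_document_bound(db, ref):
    # Hardened form: accept only a short, plain decimal integer, then bind it
    # as a parameter so it can never be parsed as SQL.
    if not (ref.isascii() and ref.isdigit() and len(ref) <= 9):
        return None
    row = db.execute("SELECT doc_id FROM doc_index WHERE ref = ?", (int(ref),)).fetchone()
    return _body(db, row)

if __name__ == "__main__":
    db = make_db()
    for value in ("2", "3-1"):
        print(repr(value), "concat:", fetch_document_concat(db, value),
              "| bound:", fetch_document_bound(db, value))
```

With concatenation, the input `3-1` is computed by the database and resolves to reference 2, which is the sign that the parameter reaches the query as SQL; the bound version rejects it before any query runs.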