fied by submitting a function name or index within a request parameter.
Be sure to understand fully the mechanisms that the application is
employing to deliver access to distinct stages.
■ From the context of the functionality that is implemented, try to
understand what assumptions may have been made by developers and where
the key attack surface lies. Try to identify ways of violating those
assumptions to cause undesirable behavior within the application.
■ When multistage functions are accessed out of sequence, it is common
to encounter a variety of anomalous conditions within the application,
such as variables with null or uninitialized values, a partially defined or
inconsistent state, and other unpredictable behavior. In this situation, the
application may return interesting error messages and debug output,
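From the defender's side, the out-of-sequence access described above is prevented by tracking progress on the server and treating the stage parameter only as a request. The following is an added example, not code from the original text; the stage names, session layout and function names are all hypothetical.

```python
# Added example: all names are hypothetical; not code from the source text.
STAGES = ["basket", "delivery", "payment", "confirm"]  # assumed flow


class StageError(Exception):
    """Raised for any unknown or out-of-sequence stage request."""


def new_session():
    # Progress lives in server-side state; the client never supplies it.
    return {"completed": 0, "data": {}}


def resolve_stage(param):
    """Map the request parameter (function name or index) to a stage index."""
    if isinstance(param, str) and param.isascii() and param.isdigit():
        param = int(param)
    if isinstance(param, int):
        if 0 <= param < len(STAGES):
            return param
        raise StageError("invalid stage")
    if param in STAGES:
        return STAGES.index(param)
    raise StageError("invalid stage")


def handle_stage(session, stage_param, form):
    """Process one stage: earlier stages may be revisited, none skipped."""
    idx = resolve_stage(stage_param)
    if idx > session["completed"]:
        # Fail closed with one fixed message, so no internal state,
        # null values or debug detail reach the response.
        raise StageError("invalid stage")
    session["data"][STAGES[idx]] = dict(form)
    # Re-submitting an earlier stage discards everything after it, so a
    # later stage never runs against stale or inconsistent state.
    for later in STAGES[idx + 1:]:
        session["data"].pop(later, None)
    session["completed"] = idx + 1
    return STAGES[idx]
```

Unknown and skipped stages raise the same exception with the same message, so the response does not reveal which stages exist or how far the session has progressed.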