The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

For each potential XSS vulnerability noted in the previous steps

Download 5,76 Mb.

Pdf ko'rish

bet	693/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 689 690 691 692 693 694 695 696 ... 875

Bog'liq
3794 1008 4334

For each potential XSS vulnerability noted in the previous steps:

■

Review the HTML source to identify the location(s) of your unique string.

■

If the string appears more than once, then each occurrence needs to be

treated as a separate potential vulnerability and investigated individually.

■

Determine, from the location within the HTML of the user-controllable

string, how you need to modify it in order to cause execution of arbitrary

JavaScript. Typically, numerous different methods will be potential vehi-

cles for an attack.

■

Attempt to use the various injection vectors described, and consult the

XSS Cheat Sheet at

http://ha.ckers.org/xss.html

to identify addi-

tional unusual vectors.

■

Test your exploit by submitting it to the application. If your crafted string

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 689 690 691 692 693 694 695 696 ... 875