The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Think imaginatively about any other possible means by which data you

Download 5,76 Mb.

Pdf ko'rish

bet	717/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 713 714 715 716 717 718 719 720 ... 875

Bog'liq
3794 1008 4334

Think imaginatively about any other possible means by which data you

control may be stored by the application and displayed to other users.

For example, if the application search function shows a list of popular

search items, you may be able to introduce a stored XSS payload by

searching for it numerous times, even though the primary search func-

tionality itself handles your input safely.

When you have identified every instance in which user-controllable data is

stored by the application and later displayed back to the browser, you should fol-

low the same process described previously for investigating potential reflected

XSS vulnerabilities — that is, determine what input needs to be submitted to

70779c12.qxd:WileyRed 9/14/07 3:14 PM Page 416

embed valid JavaScript within the surrounding HTML and then attempt to cir-

cumvent any filters which interfere with the processing of your attack

payload.

T I P

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 713 714 715 716 717 718 719 720 ... 875