The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

1 ... 783 784 785 786 787 788 789 790 ... 875

Bog'liq
3794 1008 4334

Firefox (on Linux)

:

~/.mozilla/firefox/{profile name}/Cache

Browsing History

Most browsers save a browsing history, which may include any sensitive data

transmitted in URL parameters.

HACK STEPS

■

Identify any instances within the application in which sensitive data is

being transmitted via a URL parameter.

■

If any cases exist, examine the browser history to verify that this data has

been stored there.

70779c12.qxd:WileyRed 9/14/07 3:14 PM Page 459

Autocomplete

Many browsers implement a user-configurable autocomplete function for

text-based input fields, which may store sensitive data such as credit card

numbers, usernames, and passwords. Autocomplete data is stored within the

registry by Internet Explorer and on the file system by Firefox.

As already described, in addition to being accessible by local attackers, data

in the autocomplete cache can also be retrieved via an XSS attack in certain cir-

cumstances.

HACK STEPS

■

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 783 784 785 786 787 788 789 790 ... 875