4. You are formulating an automated attack to brute force a login function
to discover additional account credentials. You find that the application
returns an HTTP redirection to the same URL regardless of whether you
submit valid or invalid credentials. In this situation, what is the most
likely means you can use to detect hits?
5. When you are using an automated attack to harvest data from within
the application, you will often find that the information you are interested
in is preceded by a static string that enables you to easily capture
the data following it. For example:
On other occasions, you may find that this is not the case, and that the
data preceding the information you need is more variable. In this situation,
how can you devise an automated attack that still fulfills your
needs?