malformed requests are triggering the same error or different errors. You may
also be able to determine the sequence in which different parameters are
processed, by submitting bad input within multiple parameters and identifying
the location at which an error occurs. By systematically manipulating
different parameters, you may be able to map out the different code paths being
executed on the server.
TIP
Even if an error message does not disclose any interesting information, it
may represent an exploitable vulnerability. For example, it is common to find
XSS bugs in error messages which contain the anomalous user-supplied input
that generated the error (see Chapter 12).
Stack Traces
Most web applications are written in languages that are more complex than
simple scripts but which still run in a managed execution environment — for
example, Java, C#, and Visual Basic .NET. When an unhandled error occurs in
these languages, it is common to see full stack traces being returned to the
browser.
A stack trace is a structured error message that begins with a description of
the actual error. This is followed by a series of lines describing the state of the
execution call stack when the error occurred. The top line of the call stack
shows the function that generated the error, the next line shows the function
that invoked the previous function, and so on down the call stack until the
hierarchy of function calls is exhausted.
The following is an example of a stack trace generated by an ASP.NET
application:
[HttpException (0x80004005): Cannot use a leading .. to exit above the
top directory.]
System.Web.Util.UrlPath.Reduce(String path) +701
System.Web.Util.UrlPath.Combine(String basepath, String relative) +304
System.Web.UI.Control.ResolveUrl(String relativeUrl) +143
PBSApp.StatFunc.Web.MemberAwarePage.Redirect(String url) +130
PBSApp.StatFunc.Web.MemberAwarePage.Process() +201
PBSApp.StatFunc.Web.MemberAwarePage.OnLoad(EventArgs e)
System.Web.UI.Control.LoadRecursive() +35
System.Web.UI.Page.ProcessRequestMain() +750
Version Information: Microsoft .NET Framework Version:1.1.4322.2300;
ASP.NET Version:1.1.4322.2300
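As an added example (not part of the original text), the following Python check parses a response body for a trace in the format shown above and reports what it discloses; it can be run over responses in a test suite to catch unhandled errors reaching the browser. The function name analyze_response, the report keys, and the list of framework namespace prefixes are assumptions made for illustration.

```python
import re

# Constructed sample: the ASP.NET trace quoted above, as it would sit in a
# response body (first line unwrapped).
SAMPLE_BODY = """\
[HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.]
   System.Web.Util.UrlPath.Reduce(String path) +701
   System.Web.Util.UrlPath.Combine(String basepath, String relative) +304
   System.Web.UI.Control.ResolveUrl(String relativeUrl) +143
   PBSApp.StatFunc.Web.MemberAwarePage.Redirect(String url) +130
   PBSApp.StatFunc.Web.MemberAwarePage.Process() +201
   PBSApp.StatFunc.Web.MemberAwarePage.OnLoad(EventArgs e)
   System.Web.UI.Control.LoadRecursive() +35
   System.Web.UI.Page.ProcessRequestMain() +750
Version Information: Microsoft .NET Framework Version:1.1.4322.2300; ASP.NET Version:1.1.4322.2300
"""

ERROR_RE = re.compile(r"^\[(?P<type>[\w.]+)(?: \((?P<code>0x[0-9A-Fa-f]+)\))?: (?P<msg>.*)\]$")
# A frame is "Namespace.Type.Method(args)"; the "+offset" suffix is optional.
FRAME_RE = re.compile(r"^(?P<method>[A-Za-z_][\w.]*)\([^)]*\)(?: \+\d+)?$")
VERSION_RE = re.compile(r"ASP\.NET Version:(?P<ver>[\d.]+)")
FRAMEWORK_PREFIXES = ("System.", "Microsoft.")  # assumption: platform namespaces


def analyze_response(body):
    """Report what a response body discloses through an ASP.NET-style stack trace."""
    report = {"error": None, "frames": [], "app_frames": [], "version": None}
    for raw in body.splitlines():
        line = raw.strip()
        m = ERROR_RE.match(line)
        if m and report["error"] is None:
            report["error"] = m.groupdict()      # description of the actual error
            continue
        m = FRAME_RE.match(line)
        if m and report["error"]:                 # frames only count after an error line
            method = m.group("method")
            report["frames"].append(method)       # top of the call stack comes first
            if not method.startswith(FRAMEWORK_PREFIXES):
                report["app_frames"].append(method)  # the application's own code
            continue
        m = VERSION_RE.search(line)
        if m:
            report["version"] = m.group("ver")
    report["leaks_stack_trace"] = bool(report["error"] and report["frames"])
    return report


if __name__ == "__main__":
    for key, value in analyze_response(SAMPLE_BODY).items():
        print(key, "=", value)
```

A response for which leaks_stack_trace is true indicates that detailed errors are being returned to clients rather than a generic error page.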
Chapter 14 ■ Exploiting Information Disclosure 507
This kind of error message provides a large amount of useful information
that may assist you in fine-tuning your attack against the application:
■ It often describes the precise reason why an error occurred. This may
  enable you to adjust your input to circumvent the error condition and
  advance your attack.
■ The call stack typically makes reference to a number of library and third-