page. You can disable this behavior in the Advanced tab in Internet Options

Because of the huge variety of web application technologies and components

in common use, you should frequently expect to encounter unusual messages

that you have not seen before, and that may not immediately indicate the

nature of the error that the application experienced. In this situation, you can

often obtain further information about the meaning of the message from vari-

ous public sources.

Often, an unusual error message is the result of a failure in a specific API.

Searching for the text of the message may lead you to the documentation for

this API or to developer forums and other locations where the same problem

is discussed.

Many applications employ third-party components to perform specific

common tasks, such as searches, shopping carts, and site feedback functions.

Any error messages that are generated by these components are likely to have

arisen in other applications, and to have been discussed elsewhere.

Some applications incorporate source code that is publicly available. By

searching for specific expressions which appear in unusual error messages,

you may actually discover the source code which implements the relevant

function. You can then review this to understand exactly what processing is

being performed on your input, and how you may be able to manipulate the

application to exploit a vulnerability.

HACK STEPS

■