The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

dling, then this behavior can be used to obtain the information belonging

Download 5,76 Mb.

1 ... 854 855 856 857 858 859 860 861 ... 875

Bog'liq
3794 1008 4334

dling, then this behavior can be used to obtain the information belonging

to other application users.

■

If you identify any means of extracting sensitive information, use the

techniques described in Chapter 13 to automate the process.

Using Inference

In some situations, an application may not divulge any data to you directly,

but it may behave in ways that enable you to reliably infer information that is

of use.

We have already encountered a number of instances of this phenomenon, in

the course of examining other categories of common vulnerability. For example:

■■

A registration function that enables you to enumerate registered user-

names on the basis of an error message when an existing username is

chosen (see Chapter 6).

■■

A search engine that allows you to infer the contents of indexed docu-

ments that you are not authorized to view directly (see Chapter 11).

■■

A blind SQL injection vulnerability in which you can alter the applica-

tion’s behavior by adding a binary condition to an existing query,

enabling to you extract information one bit at a time (see Chapter 9).

Another way in which subtle differences in an application’s behavior may

disclose information occurs when different operations take different lengths of

time to perform, contingent upon some fact that is of interest to an attacker.

This divergence can arise for various reasons:

■■

Many large and complex applications retrieve data from numerous

back-end systems, such as databases, message queues, and mainframes.

To improve performance, some applications cache information that is

used frequently. Similarly, some applications employ a lazy load

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 854 855 856 857 858 859 860 861 ... 875