The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


ure the spider to exclude these from its scope. Run the spider and review the results for any additional content that it discovers.



The site map generated by the proxy/spider tool contains a wealth of information about the target application, which will be useful later in identifying the various attack surfaces exposed by the application.

Chapter 4: Mapping the Application

Discovering Hidden Content

It is very common for applications to contain content and functionality which is not directly linked or reachable from the main visible content. A common example of this is functionality that has been implemented for testing or debugging purposes and has never been removed.

Another example arises where the application presents different functionality to different categories of users (for example, anonymous users, authenticated regular users, and administrators). Users at one privilege level who perform exhaustive spidering of the application may miss functionality that is visible to users at other levels. An attacker who discovers the functionality may be able to exploit it to elevate her privileges within the application.

There are countless other cases in which interesting content and functionality may exist that the mapping techniques previously described would not identify, including:

■ Backup copies of live files. In the case of dynamic pages, their file extension may have changed to one that is not mapped as executable, enabling you to review the page source for vulnerabilities that can then be exploited on the main page.

■ Backup archives that contain a full snapshot of files within (or indeed outside) the web root, possibly enabling you to easily identify all content and functionality within the application.

■ New functionality that has been deployed to the server for testing but not yet linked from the main application.

■ Old versions of files that have not been removed from the server. In the case of dynamic pages, these may contain vulnerabilities that have been fixed in the current version but can still be exploited in the old version.

■ Configuration and include files containing sensitive data such as database credentials.

■ Source files out of which the live application’s functionality has been compiled.

■ Log files that may contain sensitive information such as valid usernames, session tokens, URLs visited, actions performed, and so on.

Effective discovery of hidden content requires a combination of automated and manual techniques, and often relies upon a degree of luck.
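The categories listed above are just as useful to the team that owns the application: every one of them is a file that should not be sitting in a deployed web root. The following Python script is an added example, not code from the book or from any tool it mentions. It audits a web root from the filesystem side (it assumes the reviewer has shell access to the deployment, so nothing is requested over HTTP) and reports files that match the hidden-content categories: backup copies, backup archives, old versions, configuration and include files, source files, and logs. It also flags a dynamic page whose extension has been changed, the case the first bullet describes, because such a file would be served as plain text rather than executed. The file-name patterns, the set of "dynamic" extensions, and the sample tree it builds in a temporary directory are all constructed assumptions for illustration.

```python
"""Audit a deployed web root for leftover artifacts that a mapping exercise
would otherwise discover. Added example, not from the book; patterns are
illustrative assumptions, not an exhaustive list."""
import os
import re
import tempfile
from pathlib import Path

# Category label -> regex tested against the lower-cased file name.
CATEGORIES = [
    ("backup-copy",    re.compile(r"\.(bak|old|orig|save|swp|tmp)$|~$")),
    ("backup-archive", re.compile(r"\.(zip|tar|tgz|tar\.gz|rar|7z)$")),
    ("old-version",    re.compile(r"(_old|-old|_v\d+|-copy)\.[a-z]+$")),
    ("config-include", re.compile(r"\.(inc|ini|conf|config|env)$")),
    ("source-file",    re.compile(r"\.(java|cs|vb|go|c|cpp|h)$")),
    ("log-file",       re.compile(r"\.log(\.\d+)?$")),
]

# Extensions the (assumed) server maps as executable. A dynamic page saved
# under a different final extension, e.g. login.php.bak, is served verbatim.
DYNAMIC_EXTS = {".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl"}


def classify(name):
    """Return the list of category labels a single file name falls into."""
    lower = name.lower()
    labels = [label for label, rx in CATEGORIES if rx.search(lower)]
    suffixes = [s.lower() for s in Path(lower).suffixes]
    # An inner suffix is a dynamic extension but the final one is not:
    # the source of the page would be disclosed rather than executed.
    if suffixes and suffixes[-1] not in DYNAMIC_EXTS and any(
        s in DYNAMIC_EXTS for s in suffixes[:-1]
    ):
        labels.append("dynamic-page-renamed")
    return labels


def audit_web_root(root):
    """Walk `root` and return sorted (relative_path, label) findings."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            for label in classify(name):
                findings.append((rel, label))
    return sorted(findings)


# Constructed sample web root: two legitimate files plus one leftover of
# each kind discussed in the text.
SAMPLE_FILES = [
    "index.php",            # live page, should not be reported
    "css/style.css",        # static asset, should not be reported
    "login.php.bak",        # backup copy AND renamed dynamic page
    "site-backup.tar.gz",   # backup archive of the whole web root
    "checkout_old.php",     # old version left beside the current one
    "admin/config.inc",     # include file with configuration data
    ".env",                 # environment/config file with credentials
    "src/Login.java",       # source the live application was compiled from
    "logs/access.log",      # log file
]


def build_sample_root(base):
    """Create the constructed sample tree under `base` (contents are dummy)."""
    for rel in SAMPLE_FILES:
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("placeholder\n")


def run_demo():
    """Build the sample tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_root(tmp)
        return audit_web_root(tmp)


if __name__ == "__main__":
    for rel, label in run_demo():
        print(f"{label:22s} {rel}")
```

Run it against a real web root with `audit_web_root("/var/www/site")` (path assumed) and review every hit: each represents something a spider-driven review or a wordlist-based content search could turn up from the outside, so remove it from the served tree or make sure the server refuses to serve it.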
