The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws



Java applets and ActiveX controls may also contain sensitive data that you can extract. See Chapter 14 for further ways in which the application may disclose information about itself.


Chapter 4: Mapping the Application





HACK STEPS (continued)



Add to the lists of enumerated items any further potential names conjectured on the basis of these. Also add to the file extension list common extensions such as txt, bak, src, inc, and old, which may uncover the source to backup versions of live pages, as well as extensions associated with the development languages in use, such as java and cs, which may uncover source files that have been compiled into live pages (see the tips described later in this chapter for identifying technologies in use). The Paros tool carries out this test when used to perform a vulnerability scan
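The defender's counterpart to this step, as an added example that is not from the book: a Python audit of a deployment directory for the leftover files those extensions would expose. The function names, reason strings and sample tree are constructed for illustration; a backup extension is reported only when the file shadows another file in the same directory, so that a lone robots.txt is not flagged.

```python
import os
import tempfile

# Extensions named in the text: backup copies of live pages...
BACKUP_EXTS = {"txt", "bak", "src", "inc", "old"}
# ...and source for languages that are compiled into live pages.
SOURCE_EXTS = {"java", "cs"}


def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        siblings = {f.lower() for f in files}
        for name in files:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            ext = ext.lstrip(".")
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if ext in SOURCE_EXTS:
                findings.append((rel, "source file in web root"))
            elif ext in BACKUP_EXTS:
                # login.php.bak beside login.php, or login.old beside login.aspx
                shadows = stem in siblings or any(
                    os.path.splitext(other)[0] == stem
                    for other in siblings - {lower})
                if shadows:
                    findings.append((rel, "backup copy of live page"))
    return sorted(findings)


def demo():
    """Build a constructed sample web root in a temp dir and audit it."""
    sample = ["index.php", "index.php.bak", "login.aspx", "login.old",
              "robots.txt", "app/Cart.java", "app/Cart.class"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_webroot(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run against a build output or release directory before deployment, any finding is a file to delete or to block at the web server.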

