specific cases to work around particular difficulties. For example, this
behavior is often observed where a web application interfaces to an
external system.
■ If session tokens are being transmitted in URLs, attempt to find any
application functionality that enables you to inject arbitrary off-site links
into pages viewed by other users — for example, functionality implementing
a message board, site feedback, question-and-answer, and so on. If
so, submit links to a web server you control and wait to see whether any
users’ session tokens are received in your Referer logs.
■ If any session tokens are captured, attempt to hijack user sessions by
using the application as normal but substituting a captured token for
your own. Some intercepting proxies can be configured with regex-based
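The Referer leak in the steps above has a server-side signature that a defender can look for directly: any request whose URL carries the session token will hand that token to whatever site the user navigates to next, and a token that has already leaked shows up in the Referer field of later requests. The following Python script is an added example, not code from the book; it scans a few constructed Apache combined-format log lines and flags URL-borne tokens in both the request target and the Referer. The log lines, hostnames, token values and the list of parameter names are all made up for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access log (Apache combined format); every host, address
# and token value here is invented for the example.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /account?sessionid=9f8e7d6c5b4a3210 HTTP/1.1" 200 512 "https://app.example/login" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:55:40 +0000] "GET /board/post/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2023:13:55:51 +0000] "GET /cart;jsessionid=0123456789ABCDEF HTTP/1.1" 200 900 "https://app.example/board/post/42" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /img/logo.png HTTP/1.1" 200 1024 "https://app.example/board?jsessionid=ABCDEF0123456789" "Mozilla/5.0"
203.0.113.12 - - [10/Oct/2023:13:56:10 +0000] "GET /search?q=shoes HTTP/1.1" 200 4096 "https://app.example/home" "Mozilla/5.0"
"""

# Apache/nginx "combined" format: client, ident, user, [time], "request", status, bytes, "referer", "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed list of parameter names commonly used to carry a session token in a URL.
# The substring checks below catch variants this list does not name explicitly.
TOKEN_PARAM_NAMES = {"sessionid", "session_id", "sessid", "sid", "jsessionid", "phpsessid", "token", "authtoken"}


def looks_like_token_param(name: str) -> bool:
    """Heuristic: does this query or path parameter name look like a session token?"""
    n = name.lower()
    return n in TOKEN_PARAM_NAMES or "sess" in n or "token" in n


def url_params(url: str) -> list[tuple[str, str]]:
    """Return every (name, value) pair from the query string and from ';name=value'
    path parameters (the form servlet containers use for jsessionid)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    for segment in parts.path.split(";")[1:]:
        name, _, value = segment.partition("=")
        pairs.append((name, value))
    return pairs


def token_params(url: str) -> list[tuple[str, str]]:
    """Only the parameters of the URL that look like session tokens."""
    return [(k, v) for k, v in url_params(url) if looks_like_token_param(k)]


def redact(value: str) -> str:
    """Keep a short prefix so findings can be correlated without copying the full token into a report."""
    return value[:4] + "..." if len(value) > 4 else value


def scan_log(text: str) -> list[dict]:
    """Flag every request whose target URL or Referer carries a session-token-like parameter.

    'request' findings are the root cause (the application put the token in a URL);
    'referer' findings show a token that has already travelled in a Referer header.
    """
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for where, url in (("request", m["target"]), ("referer", m["referer"])):
            if url == "-":
                continue  # no Referer sent
            for name, value in token_params(url):
                findings.append({"ip": m["ip"], "where": where, "param": name, "value": redact(value)})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:15} token in {f['where']:7} param={f['param']} value={f['value']}")
```

Run against a real log, the 'request' findings are the ones to fix: moving the token into a cookie removes it from URLs, browser history and Referer headers at once, and a restrictive Referrer-Policy header further limits what off-site links disclose even for URLs that legitimately carry other parameters.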