The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

example, submitting this in a search field often returns a large number of

Download 5,76 Mb.

Pdf ko'rish

bet	441/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 437 438 439 440 441 442 443 444 ... 875

Bog'liq
3794 1008 4334

example, submitting this in a search field often returns a large number of

results, indicating that the input is being passed into an SQL query. Of course,

this does not necessarily indicate that the application is vulnerable — only that

you should probe further to identify any actual flaws.

70779c09.qxd:WileyRed 9/14/07 3:13 PM Page 245

246

Chapter 9

■

Injecting Code

Numeric Data

When user-supplied numeric data is incorporated into an SQL query, the

application may still handle this as string data, by encapsulating it within sin-

gle quotation marks. You should, therefore, always perform the steps

described previously for string data. In most cases, however, numeric data is

passed directly to the database in numeric form and so is not placed within

single quotation marks. If none of the previous tests points towards the pres-

ence of a vulnerability, there are some other specific steps you can take in rela-

tion to numeric data.

HACK STEPS

■

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 437 438 439 440 441 442 443 444 ... 875