The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	534/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 530 531 532 533 534 535 536 537 ... 875

Bog'liq
3794 1008 4334

HACK STEPS

■

The

<

and

>

characters are used respectively to direct the contents of a

file to the command’s input and to direct the command’s output to a file.

If it is not possible to use the preceding techniques to inject an entirely

separate command, you may still be able to read and write arbitrary file

contents using the

<

and

>

characters.

■

Many operating system commands which applications invoke accept a

number of command-line parameters that control their behavior. Often,

user-supplied input is passed to the command as one of these parame-

ters, and you may be able to add further parameters simply by inserting a

space followed by the relevant parameter. For example, a web authoring

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 530 531 532 533 534 535 536 537 ... 875