the server hosting the target application.
■ If the first test fails, try submitting a URL containing a nonexistent IP address, and determine whether a timeout occurs while the server attempts to connect.
■ If the application is found to be vulnerable to remote file inclusion, construct a malicious script using the available APIs in the relevant language, as described for dynamic execution attacks.
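
Seen from the defending side, both connection tests above leave a request whose parameter value is a URL, and the second also leaves an unusually slow response. The following Python function is an added example, not part of the original text, that flags both in access logs; the log layout with a trailing request-duration field, the 10-second threshold, and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines: combined log format with the request duration in
# seconds appended as a last field (an assumed logging configuration).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /view?page=news HTTP/1.1" 200 5120 0.041
203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /view?page=http%3A%2F%2Fprobe.example%2Fx HTTP/1.1" 200 312 0.350
203.0.113.7 - - [10/Mar/2024:10:00:41 +0000] "GET /view?page=http://192.0.2.250/x HTTP/1.1" 500 0 30.002
198.51.100.4 - - [10/Mar/2024:10:01:02 +0000] "GET /go?next=/account&lang=en HTTP/1.1" 302 0 0.012
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ (?P<secs>\d+(?:\.\d+)?)$'
)
# An absolute URL (scheme://...) or a protocol-relative one (//host/...).
URL_VALUE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)
SLOW_SECONDS = 10.0  # assumed threshold for "the server waited on a connection"


def find_url_parameters(log_text):
    """Return one dict per query parameter whose value is a URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a request line in the assumed format
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # parse_qsl decoded once; undo double encoding
            if URL_VALUE_RE.match(value):
                hits.append({
                    "client": m["ip"],
                    "param": name,
                    "value": value,
                    "status": int(m["status"]),
                    "slow": float(m["secs"]) >= SLOW_SECONDS,
                })
    return hits


if __name__ == "__main__":
    for hit in find_url_parameters(SAMPLE_LOG):
        print(hit)
```

A hit with `slow` set corresponds to the timeout case: the server spent the request waiting on an outbound connection that never completed.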
Local file inclusion vulnerabilities can potentially exist in a much wider range
of scripting environments than those that support remote file inclusion. To test
for local file inclusion vulnerabilities, perform the following steps:
■ Submit the name of a known executable resource on the server, and determine whether there is any change in the application’s behavior.