If you find that either item is returned as the other, or simply as "test", then you can be confident that your input is being inserted into an XML-based message.
■ If the HTTP request contains several parameters that may be placed into a SOAP message, try inserting the opening comment sequence <!-- into one parameter and the closing comment sequence --> into another parameter. Then switch these around, because you have no way of knowing in which order the parameters appear in the server's message. Compare each response with the baseline: in the right order, the comment swallows everything the server places between the two parameters, which may change the application's logic (for example, an element silently disappears from the message) or produce a different error condition that divulges information; in the wrong order, the unterminated <!-- typically produces only a parsing error.
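The following is an added example, not code from the original text, that simulates the cross-parameter comment probe end to end. The back-end message layout (MESSAGE_LAYOUT), the parameter names and the account values are all constructed for illustration; a real target's layout is unknown, which is exactly why every ordered pair of parameters is tried. The build_soap function deliberately concatenates unescaped parameter values, which is the bug the probe is looking for.

```python
"""Simulate the <!-- / --> cross-parameter SOAP injection probe.

Added example, not from the original text. The message layout, parameter
names and values below are constructed; the attacker never sees the layout
and must infer it from how the server's responses change.
"""
import itertools
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed back-end layout: which element each HTTP parameter lands in,
# and in what order. Two parameters map to the same element name.
MESSAGE_LAYOUT = [("from", "Account"), ("to", "Account"), ("amount", "Amount")]


def build_soap(params):
    """Vulnerable message builder: raw parameter values are concatenated into
    element content without escaping (the defect the probe detects)."""
    body = "".join(f"<{tag}>{params[name]}</{tag}>" for name, tag in MESSAGE_LAYOUT)
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f"<Transfer>{body}</Transfer></soap:Body></soap:Envelope>")


def process(xml):
    """Server-side consumer: parse the envelope and report what it sees.
    Returns ('ok', [(tag, text), ...]) or ('error', parser message)."""
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        return ("error", str(exc))
    op = root.find(f"{{{SOAP_NS}}}Body/Transfer")
    return ("ok", [(child.tag, child.text or "") for child in op])


def comment_probe(base_params, open_param, close_param):
    """Send '<!--' in open_param and '-->' in close_param, leaving the other
    parameters at their baseline values, and return the server's outcome."""
    params = dict(base_params)
    params[open_param] = "<!--"
    params[close_param] = "-->"
    return process(build_soap(params))


def run_all_probes(base_params):
    """Try every ordered pair of parameters, since the order in which the
    server places them into the message is unknown. Returns a dict
    {(open_param, close_param): outcome}."""
    results = {}
    for open_param, close_param in itertools.permutations(base_params, 2):
        results[(open_param, close_param)] = comment_probe(base_params, open_param, close_param)
    return results


if __name__ == "__main__":
    base = {"from": "1001", "to": "2002", "amount": "50"}
    print("baseline:", process(build_soap(base)))
    for pair, outcome in run_all_probes(base).items():
        print(pair, "->", outcome)
```

Running it shows the three outcomes the text describes. With <!-- in "from" and --> in "to" the comment swallows `</Account><Account>`, so the server parses a well-formed message that now carries a single empty Account element instead of two: a silent logic change with no error at all. The reversed pair leaves an unterminated comment and fails to parse, and pairs that span elements with different names produce a mismatched-tag error, a distinct error condition from the baseline. Against a real target you cannot see the parsed result, so the signal is the difference between responses for the two orderings, not the content shown here.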