You can exploit read-access path traversal flaws to retrieve interesting
files from the server that may contain directly useful information or help
you to refine attacks against other vulnerabilities. For example:
■ Password files for the operating system and application.
■ Server and application configuration files, to discover other vulnerabilities or fine-tune a different attack.
■ Include files that may contain database credentials.
■ Data sources used by the application, such as MySQL database files or XML files.
■ The source code to server-executable pages, to perform a code review in search of bugs (for example, GetImage.aspx?file=GetImage.aspx).
■ Application log files that may contain usernames and session tokens, and the like.
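From the defender's side, the same list is a triage guide for access logs. The following is an added example, not part of the original text: it classifies logged query-string values by the file categories above and flags traversal sequences, including double-encoded ones. The patterns, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Illustrative patterns (assumptions, not from the original text), one per
# category in the list above; first match wins. Tune them for your platform.
CATEGORIES = [
    ("password file", re.compile(r"(^|/)etc/(passwd|shadow)$")),
    ("configuration", re.compile(r"(web\.config|\.ini|\.conf|\.properties)$")),
    ("include file", re.compile(r"\.inc(\.php)?$")),
    ("data source", re.compile(r"\.(mdb|myd|myi|frm|xml)$")),
    ("source code", re.compile(r"\.(aspx|asp|jsp|php)$")),
    ("log file", re.compile(r"\.log$")),
]
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def normalise(value):
    """Undo nested URL-encoding and unify separators before matching."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/").lower()

def classify(url):
    """Return (parameter, category, traversal_seen) per suspicious parameter."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalise(raw)
        category = next((c for c, rx in CATEGORIES if rx.search(value)), None)
        traversal = bool(TRAVERSAL.search(value))
        if category or traversal:
            findings.append((name, category or "unclassified", traversal))
    return findings

def triage(log_lines):
    """Yield (status, url, findings) for each logged request worth reviewing."""
    for line in log_lines:
        m = REQUEST.search(line)
        if m and (found := classify(m.group(1))):
            yield int(m.group(2)), m.group(1), found

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /GetImage.aspx?file=diagram1.jpg HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /GetImage.aspx?file=GetImage.aspx HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /GetImage.aspx?file=..%2f..%2fweb.config HTTP/1.1" 200 912',
    '192.0.2.44 - - [01/Jan/2024:10:00:12 +0000] "GET /GetImage.aspx?file=%252e%252e%255clogs%255capp.log HTTP/1.1" 404 0',
]
```

Flagged requests that returned status 200 deserve review first, because the response may have disclosed the file's contents.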