Be sure to delete the actual name of the parameter as well as its value. Do not just submit an empty string, as this is typically handled differently by the server.
■ Attack only one parameter at a time, to ensure that all relevant code paths within the application are reached.
■ If the request you are manipulating is part of a multistage process, follow the process through to completion, because some later logic may process data that was supplied in earlier steps and stored within the session.
Example 2: Proceeding to Checkout
The authors encountered this logic flaw in the web application employed by
an online retailer.
The Functionality
The process of placing an order involved the following stages:
1. Browse the product catalog and add items to the shopping basket.
2. Return to the shopping basket and finalize the order.
3. Enter payment information.
4. Enter delivery information.
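As an added example, not from the book, the following Python sketch shows the server-side view of two points made above: the difference between a parameter that is absent from a request and one that is submitted as an empty string, and the need for later stages of a multistage process to check the session record rather than trust that earlier stages happened. The stage names follow the four-stage checkout listed above; the parameter names, the Session class and the CheckoutError type are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Stage order as listed in the text; the parameter names are constructed
# for illustration, not taken from any real retailer's application.
STAGES = ["basket", "finalize", "payment", "delivery"]
REQUIRED = {
    "basket": ["item_id"],
    "finalize": ["basket_confirm"],
    "payment": ["card_token"],
    "delivery": ["address"],
}

class CheckoutError(Exception):
    pass

@dataclass
class Session:
    completed: list = field(default_factory=list)  # stages finished so far

def validate_params(stage: str, params: dict) -> None:
    """Refuse a request whose required parameters are missing or empty.

    dict.get() gives None when the parameter was deleted from the request and
    "" when it was submitted empty; both are refused and reported separately.
    """
    for name in REQUIRED[stage]:
        value = params.get(name)
        if value is None:
            raise CheckoutError(f"{stage}: parameter {name!r} missing")
        if value == "":
            raise CheckoutError(f"{stage}: parameter {name!r} empty")

def handle_stage(session: Session, stage: str, params: dict) -> str:
    """Process one stage only if every earlier stage is recorded as done."""
    if stage not in STAGES:
        raise CheckoutError(f"unknown stage {stage!r}")
    if session.completed != STAGES[: STAGES.index(stage)]:
        # Later logic checks the session record rather than trusting that
        # the client went through the earlier steps.
        raise CheckoutError(f"{stage}: prior stages not completed")
    validate_params(stage, params)
    session.completed.append(stage)
    return f"{stage} ok"

def attempt(session: Session, stage: str, params: dict) -> str:
    """Return the outcome as text instead of raising, for logs or tests."""
    try:
        return handle_stage(session, stage, params)
    except CheckoutError as exc:
        return f"refused: {exc}"
```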