HACK STEPS
The flaws in this application were absolutely fundamental to its security, but
none of them would have been identified by an attacker who simply
intercepted browser requests and modified the parameter values being
submitted.
■ Whenever an application implements a key action across multiple stages, you should take parameters that are submitted at one stage of the process and try submitting them to a different stage. If the relevant items of data are updated within the application's state, you should explore the ramifications of this behavior to determine whether you can leverage it to carry out any malicious action, as in the preceding three examples.
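The probe described in this step, as an added example rather than code from the handbook: an in-memory model of a three-stage funds transfer with a vulnerable handler that merges every posted field into server-side state at every stage, a hardened handler that accepts only each stage's own fields in sequence, and a probe that walks the flow legitimately and then resubmits an earlier-stage field at a later stage, reporting whether the stored value moved. The stage layout, field names and account numbers are invented for the demonstration.

```python
# Added example, not from the original page. The flow, field names and
# account numbers below are constructed for the demonstration.
from dataclasses import dataclass, field

# Accounts the logged-in user legitimately owns (constructed data).
USER_ACCOUNTS = {"1001", "1002"}

# The fields each stage is designed to accept.
STAGE_FIELDS = {
    1: {"dest_account", "amount"},  # stage 1: destination and amount
    2: {"src_account"},             # stage 2: source account, checked for ownership
    3: {"confirm"},                 # stage 3: confirmation only, no data fields
}

# A legitimate walk through the flow, used as the baseline for the probe.
LEGIT_REQUESTS = {
    1: {"dest_account": "9999", "amount": "10.00"},
    2: {"src_account": "1001"},
    3: {"confirm": "yes"},
}


@dataclass
class Session:
    next_stage: int = 1
    state: dict = field(default_factory=dict)


def vulnerable_stage(session, stage, params):
    """Stores whatever was posted, at any stage, in any order.

    The ownership check on src_account runs only when stage 2 is processed,
    so a src_account value smuggled into the stage-3 request lands in state
    unchecked and is what the final transfer will use.
    """
    if stage == 2 and params.get("src_account") not in USER_ACCOUNTS:
        return "error: not your account"
    session.state.update(params)      # no per-stage field filtering
    session.next_stage = stage + 1    # no ordering enforcement either
    return "ok"


def hardened_stage(session, stage, params):
    """Accepts only this stage's fields, and only when this stage is next."""
    if stage != session.next_stage:
        return "error: out of sequence"
    allowed = {k: v for k, v in params.items() if k in STAGE_FIELDS[stage]}
    if stage == 2 and allowed.get("src_account") not in USER_ACCOUNTS:
        return "error: not your account"
    session.state.update(allowed)
    session.next_stage = stage + 1
    return "ok"


def probe_cross_stage(handler, field_name, foreign_value, target_stage=3):
    """Replay one earlier-stage field at a later stage and diff the state.

    Returns {field: (value_before, value_after)} if the stored value changed,
    or an empty dict if the later stage ignored the smuggled field.
    """
    s = Session()
    for stage in range(1, target_stage):
        handler(s, stage, LEGIT_REQUESTS[stage])
    before = dict(s.state)
    tampered = dict(LEGIT_REQUESTS[target_stage])
    tampered[field_name] = foreign_value
    handler(s, target_stage, tampered)
    after = s.state.get(field_name)
    if before.get(field_name) != after:
        return {field_name: (before.get(field_name), after)}
    return {}


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_stage), ("hardened", hardened_stage)):
        print(name, probe_cross_stage(handler, "src_account", "7777"))
```

In a real engagement the handlers are the live application and the probe is an intercepting proxy replaying the captured stage-1 or stage-2 request body against the stage-3 URL; the signal to look for is the same, a value that was validated at one stage being silently overwritten by a later request that was never meant to carry it.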
■ If the application implements functionality whereby different categories