The most obvious vulnerabilities of this kind will often be detected during the user-acceptance testing that normally occurs before an application is launched. However, more subtle manifestations of the problem may remain, particularly when hidden parameters are being manipulated.
HACK STEPS

The first step in attempting to beat a business limit is to understand what characters are accepted within the relevant input which you control.

■ Try entering negative values and see if these are accepted by the application and processed in the way that you would expect.

■ You may need to perform several steps in order to engineer a change in the application's state that can be exploited for a useful purpose. For example, several transfers between accounts may be required until a
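The server-side control that closes the gap described above, as an added example that is not from the book: every amount is re-parsed and checked on the server, negative and malformed values are rejected, and a cumulative daily total is kept so that splitting one large movement into many small transfers does not evade the limit. Account names, balances and the two limits are constructed placeholders.

```python
from decimal import Decimal, InvalidOperation

# Constructed placeholders: a real application loads these from its own policy.
PER_TRANSFER_LIMIT = Decimal("10000.00")
DAILY_LIMIT = Decimal("25000.00")


class TransferError(ValueError):
    """Raised for any amount or state the business rules do not allow."""


class Ledger:
    """Balances and per-account running totals live on the server, never in hidden form fields."""

    def __init__(self, balances):
        self.balances = {acct: Decimal(v) for acct, v in balances.items()}
        self.daily_sent = {acct: Decimal("0") for acct in balances}

    @staticmethod
    def parse_amount(raw):
        # Treat the input as an untrusted string: reject non-numbers, NaN/Infinity,
        # zero or negative values, and more than two decimal places.
        try:
            amount = Decimal(str(raw))
            if not amount.is_finite() or amount <= 0:
                raise TransferError("amount must be a positive number")
            if amount != amount.quantize(Decimal("0.01")):
                raise TransferError("amount must have at most two decimal places")
        except InvalidOperation:
            raise TransferError("amount is not a valid monetary value")
        return amount

    def transfer(self, src, dst, raw_amount):
        amount = self.parse_amount(raw_amount)
        if src == dst or src not in self.balances or dst not in self.balances:
            raise TransferError("invalid account pair")
        if amount > PER_TRANSFER_LIMIT:
            raise TransferError("exceeds per-transfer limit")
        # The cumulative check is what defeats a sequence of small, individually valid transfers.
        if self.daily_sent[src] + amount > DAILY_LIMIT:
            raise TransferError("exceeds daily limit")
        if self.balances[src] < amount:
            raise TransferError("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] += amount
        self.daily_sent[src] += amount
        return self.balances[src]


def is_rejected(ledger, src, dst, raw_amount):
    """True if the transfer is refused by the server-side rules (helper for tests)."""
    try:
        ledger.transfer(src, dst, raw_amount)
        return False
    except TransferError:
        return True
```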