string. Make a note of every parameter whose value is being copied into
the application’s response. These are not necessarily vulnerable, but
each instance identified is a candidate for further investigation, as
described in the next part of this section.
■ Note that both GET and POST requests need to be tested, and you should
include every parameter within both the URL query string and the message
body. While a smaller range of delivery mechanisms exists for XSS
vulnerabilities that can only be triggered via a POST request, exploitation
is still possible, as previously described.
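The two steps above (submit a unique marker in every parameter, through both the query string and the message body, and note which markers are copied into the response) can be turned into a small regression check for an application you maintain. The following is an added example, not code from the book: it assumes a hypothetical `send(method, query, body)` function standing in for an HTTP client, and uses a constructed sample application (`demo_app`) so that it runs offline.

```python
import html
import secrets
from typing import Callable, Dict, List, Tuple

# Hypothetical request function type: (method, query_params, body_params) -> response body.
# In a real check this would wrap an HTTP client; here it is a local stand-in.
RequestFn = Callable[[str, Dict[str, str], Dict[str, str]], str]


def demo_app(method: str, query: Dict[str, str], body: Dict[str, str]) -> str:
    """Constructed sample application used as the target of the check.
    It copies 'q' from the URL query string into the page unmodified, copies
    'name' from the POST message body into the page HTML-encoded, and never
    echoes 'page'."""
    parts = ["<html><body>"]
    if "q" in query:
        parts.append(f"<p>Results for {query['q']}</p>")
    if method == "POST" and "name" in body:
        parts.append(f"<p>Hello {html.escape(body['name'])}</p>")
    parts.append("</body></html>")
    return "".join(parts)


def find_reflected_params(send: RequestFn, baseline_query: Dict[str, str],
                          baseline_body: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Submit a unique alphanumeric marker in every parameter, via both the
    URL query string and the POST message body, and return one
    (location, parameter, marker) tuple for each submission whose marker is
    copied into the response. These are candidates for further investigation,
    not confirmed vulnerabilities."""
    candidates: List[Tuple[str, str, str]] = []
    # Every known parameter is tried in both delivery mechanisms, regardless
    # of where the application normally expects it.
    names = sorted(set(baseline_query) | set(baseline_body))
    for location in ("query", "body"):
        for name in names:
            # Letters and digits only, unique per parameter and location, so a
            # hit in the response can be attributed to exactly one submission.
            marker = "xss" + secrets.token_hex(4)
            query = dict(baseline_query)
            body = dict(baseline_body)
            if location == "query":
                query[name] = marker
                response = send("GET", query, {})
            else:
                body[name] = marker
                response = send("POST", query, body)
            if marker in response:
                candidates.append((location, name, marker))
    return candidates


if __name__ == "__main__":
    hits = find_reflected_params(demo_app, {"q": "test", "page": "1"}, {"name": "alice"})
    for location, name, marker in hits:
        print(f"{name!r} sent via {location} is reflected (marker {marker})")
```

Note that `name` is reported as a candidate even though the sample application HTML-encodes it: an alphanumeric marker looks identical before and after encoding, so this first pass only establishes that a parameter is copied into the response. Whether the copy is encoded, and in what context it lands, is the further investigation the text refers to.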
■ In addition to the standard request parameters, you should also test
every instance in which the contents of an HTTP request header is