instruction contained an expires attribute with a date that is in the future, this will cause the browser to persist that cookie until that date. For example:
UID=d475dfc6eccca72d0e; expires=Wed, 12-Mar-08 16:08:29 GMT;
■ If a persistent cookie is set that contains any sensitive data, then a local attacker may be able to capture this data. Even if a persistent cookie contains an encrypted value, if this plays a critical role such as reauthenticating the user without entering credentials, then an attacker who captures it will be able to resubmit it to the application without actually deciphering its contents (see Chapter 6).
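To review your own application's responses for cookies that will be written to disk, the following added example (not from the original text) parses Set-Cookie values and reports those that outlive the browser session. It goes beyond the expires case described above by also honouring Max-Age; the function names, the sample values other than the UID cookie, and the audit time are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Expires layouts: the two-digit-year form shown above plus four-digit variants.
EXPIRES_FORMATS = (
    "%a, %d-%b-%y %H:%M:%S GMT",
    "%a, %d-%b-%Y %H:%M:%S GMT",
    "%a, %d %b %Y %H:%M:%S GMT",
)

def parse_expires(text):
    """Return an aware UTC datetime, or None if the date is unparseable."""
    for fmt in EXPIRES_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def persistent_cookies(set_cookie_values, now):
    """Return [(name, expiry)] for cookies that outlive the browser session."""
    findings = []
    for header in set_cookie_values:
        parts = [p.strip() for p in header.split(";") if p.strip()]
        if not parts or "=" not in parts[0]:
            continue  # not a name=value pair
        name = parts[0].split("=", 1)[0].strip()
        expiry = None
        max_age = None
        for attr in parts[1:]:
            key, _, value = attr.partition("=")
            key = key.strip().lower()
            if key == "expires":
                expiry = parse_expires(value)
            elif key == "max-age" and value.strip().lstrip("-").isdigit():
                max_age = int(value)
        if max_age is not None:  # Max-Age overrides Expires (RFC 6265)
            expiry = now + timedelta(seconds=max_age)
        if expiry is not None and expiry > now:
            findings.append((name, expiry))
    return findings

# Constructed sample: the first value is the cookie from the text above.
SAMPLE = [
    "UID=d475dfc6eccca72d0e; expires=Wed, 12-Mar-08 16:08:29 GMT;",
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "old=1; expires=Thu, 01-Jan-1970 00:00:01 GMT",
    "remember=tok; Max-Age=3600; Secure",
]
NOW = datetime(2008, 1, 1, tzinfo=timezone.utc)  # assumed audit time
```

Any cookie this reports that carries a session or reauthentication token is a candidate for being reissued as a session-only cookie.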
Cached Web Content
Most browsers cache non-SSL web content unless a web site specifically
instructs them not to. The cached data is normally stored on the local file system.
HACK STEPS