The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


The primary objective in selecting indicators of hits is to find one that is completely reliable or a group that are reliable when taken together. However, in some attacks, you may not know in advance exactly what a hit looks like. For example, when targeting a login function to try to enumerate usernames, you may not actually possess a known valid username in order to determine the application's behavior in the case of a hit. In this situation, the best approach is to monitor the application's responses for all of the attributes just described and to look for any anomalies in these.

Scripting the Attack

Let's suppose that we have identified the following URL, which returns a 200 response code when a valid docID value is submitted, and a 500 response code otherwise:

http://wahh-app.com/ShowDoc.jsp?docID=3801

This request/response pair satisfies the two conditions required for you to be able to mount an automated attack to enumerate valid document IDs.

In a simple case such as this, it is possible to create a custom script very quickly to perform an automated attack. For example, the following bash script reads a list of potential document IDs from stdin, uses the netcat tool to request a URL containing each ID, and logs the first line of the server's response, which contains the HTTP status code:

#!/bin/bash
server=wahh-app.com   # host that serves ShowDoc.jsp
port=80               # HTTP port that netcat connects to
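As the defender's counterpart to the enumeration script described above, here is an added example (my own code, not from the book) that scans constructed web-server access-log lines for the trace such a script leaves: one client walking many distinct docID values for ShowDoc.jsp and drawing mostly 500 responses. The combined log format, the thresholds and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed combined-log-format line: ip - - [timestamp] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
DOCID_RE = re.compile(r'^/ShowDoc\.jsp\?docID=(\d+)$')   # the document viewer from the text

def parse_line(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return rec

def detect_enumeration(lines, window_seconds=60, min_ids=20, min_error_ratio=0.8):
    """Flag each client that requests many distinct docID values within one window while
    drawing mostly 5xx responses; also list the IDs that returned 200, i.e. the hits it learned."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        dm = DOCID_RE.match(rec['path']) if rec else None
        if dm:
            per_ip[rec['ip']].append((rec['ts'], int(dm.group(1)), int(rec['status'])))
    alerts = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):                # sliding time window over sorted events
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            window = events[start:end + 1]
            ids = {doc for _, doc, _ in window}
            errors = sum(1 for _, _, st in window if st >= 500)
            if len(ids) >= min_ids and errors / len(window) >= min_error_ratio:
                alerts[ip] = {'requests': len(window), 'distinct_ids': len(ids),
                              'hits': sorted(doc for _, doc, st in window if st == 200)}
                break                                  # first qualifying window is enough to alert
    return alerts

def sample_log():
    """Constructed lines: one client walks docID 3790..3819 (two valid, the rest 500); one ordinary client."""
    lines = []
    for i, doc in enumerate(range(3790, 3820)):
        status = 200 if doc in (3801, 3805) else 500
        lines.append(f'203.0.113.7 - - [01/Jan/2022:10:00:{i:02d} +0000] '
                     f'"GET /ShowDoc.jsp?docID={doc} HTTP/1.0" {status} {512 if status == 200 else 42}')
    lines.append('198.51.100.2 - - [01/Jan/2022:10:00:05 +0000] "GET /ShowDoc.jsp?docID=3801 HTTP/1.1" 200 512')
    return lines
```

The alert reports which IDs answered 200, which tells the defender what the probing client learned and which documents may need their access checked.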
