The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws




490 Chapter 13 Automating Bespoke Attacks




Starting with the _template parameter, our first request supplied a single quotation mark, and the server responded with an HTTP 500 error code. We might immediately suppose that the application is vulnerable to SQL injection. However, if we look at the other results for this parameter, we can see that an identical response was received when we supplied other payloads that are not normally associated with SQL injection. When we supplied a path traversal string, however, we received a different response: it has a 200 status code, is considerably longer, and does not contain the strings "error" or "not found".

Looking back at the original request, we can see that the _template parameter takes what appears to be a file path, and so a tentative diagnosis of the observed behavior would be that the application's handling of the parameter is vulnerable to a path traversal bug. We should immediately reissue this test case manually and review the server's response in full (see Chapter 10).

The personalDetailsURL parameter looks less exciting. Each test case returns a 200 status code with responses that are almost the same length. However, when we supplied the string "xsstest", this string was copied into the server's response. The name of the parameter suggests that it is being used to transmit a URL via the client, which will be embedded into the next page returned by the application. This operation may be vulnerable to cross-site scripting, and we should probe the application's handling of more crafted input in order to confirm this (see Chapter 12).

The login parameter is used to submit the username to the login function, and so submitting attack strings as this parameter should at the very least generate a failed login. And indeed, we can see that three of the test cases result in an HTTP redirect containing the string "invalid", which probably appears within the redirection URL. The fourth test case is much more interesting. Submitting a single quotation mark as the username resulted in an HTTP 500 response containing the strings "error" and "illegal". This could indeed be a SQL injection flaw, and we should manually investigate to confirm this (see Chapter 9).
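The reasoning applied above to the three parameters follows one rule: a response is interesting only relative to the other responses for the same parameter (a 500 for a single quote means little when every other payload also produces a 500), and the signals worth comparing are status code, response length, reflection of the canary string, and the presence of strings such as "error", "not found", "invalid" and "illegal" that did not appear in the parameter's baseline responses. The script below is an added example that implements this triage over a table of fuzz results; it is not code from the book. The request results are constructed to match the observations described in this section, the payload strings and response bodies are assumptions, and the 25% length tolerance is an arbitrary choice.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Strings worth searching for in every response (the list used in the text).
INTERESTING = ("error", "not found", "invalid", "illegal")
# Canary string used to detect input being copied into the response.
CANARY = "xsstest"


@dataclass
class Result:
    """One fuzz request: parameter tested, payload sent, and what came back."""
    param: str
    payload: str
    status: int
    body: str


@dataclass
class Finding:
    param: str
    payload: str
    status: int
    length: int
    notes: list = field(default_factory=list)   # empty list = nothing stood out


def matched(body):
    """Which of the interesting strings occur in a response body (case-insensitive)."""
    return [s for s in INTERESTING if s in body.lower()]


def triage(results, length_tolerance=0.25):
    """Compare every response against the other responses for the same parameter.

    The baseline (majority status code, median length, strings present in most
    responses) is computed per parameter, so a uniform 500 is not reported while
    the one response that deviates from it is."""
    by_param = defaultdict(list)
    for r in results:
        by_param[r.param].append(r)

    findings = []
    for param, group in by_param.items():
        baseline_status = Counter(r.status for r in group).most_common(1)[0][0]
        lengths = sorted(len(r.body) for r in group)
        median_len = lengths[len(lengths) // 2]
        hit_counts = Counter(s for r in group for s in matched(r.body))
        baseline_hits = {s for s, c in hit_counts.items() if c * 2 > len(group)}

        for r in group:
            f = Finding(param, r.payload, r.status, len(r.body))
            if r.status != baseline_status:
                f.notes.append(f"status {r.status} differs from baseline {baseline_status}")
            if abs(len(r.body) - median_len) > length_tolerance * max(median_len, 1):
                f.notes.append(f"length {len(r.body)} differs from median {median_len}")
            if r.payload == CANARY and CANARY in r.body:
                f.notes.append("canary reflected in response")
            new_hits = [s for s in matched(r.body) if s not in baseline_hits]
            if new_hits:
                f.notes.append("new strings: " + ", ".join(new_hits))
            findings.append(f)
    return findings


def notes_for(findings, param, payload):
    """Notes recorded for one (parameter, payload) pair."""
    return [n for f in findings if f.param == param and f.payload == payload for n in f.notes]


def anomalies(results):
    """Only the results that deviate from their parameter's baseline."""
    return [f for f in triage(results) if f.notes]


# Constructed sample: four payloads against each of the three parameters discussed.
PAYLOADS = ["'", "xsstest", "../../../../", "AAAA"]
SAMPLE = []
for p in PAYLOADS:
    # _template: everything is a 500 except the traversal string, which returns a long 200 page.
    if p == "../../../../":
        SAMPLE.append(Result("_template", p, 200, "<html><body>" + "<p>line</p>" * 40 + "</body></html>"))
    else:
        SAMPLE.append(Result("_template", p, 500, "Internal server error: template not found"))
    # personalDetailsURL: always 200, and the supplied value is embedded in the page.
    SAMPLE.append(Result("personalDetailsURL", p, 200, f'<html><a href="{p}">details</a></html>'))
    # login: a redirect with "invalid" for every payload except the single quote.
    if p == "'":
        SAMPLE.append(Result("login", p, 500, "Database error: illegal character in query"))
    else:
        SAMPLE.append(Result("login", p, 302, "Redirecting to /login?msg=invalid"))


if __name__ == "__main__":
    for f in anomalies(SAMPLE):
        print(f"{f.param:20} {f.payload!r:16} {f.status} {f.length:5}  " + "; ".join(f.notes))
```

Run stand-alone, the script reports exactly the three results the text singles out: the traversal string against _template, the canary against personalDetailsURL, and the single quote against login. The single quote against _template is not reported, because its 500 matches the parameter's baseline, which is the point the passage makes about not jumping to SQL injection.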

