The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

security testing, because it is assumed that only trusted users will access it. If

you can somehow gain access to the functionality, you may be able to exploit

any defect in it to escalate privileges even further — potentially compromising

the entire database or web server.

To perform a quick fuzz test of the previous request, you need to set payload

positions at all of the request parameters, not only the 

logid

parameter. You

can do this simply by clicking the “auto” button on the positions tab. You then

need to configure a set of attack strings to use as payloads and some common

error messages to search responses for. Intruder contains built-in sets of strings

for both of these uses.

As with the fuzzing attack performed using JAttack, you then need to man-

ually review the table of results to identify any anomalies that merit further

investigation, as shown in Figure 13-8. As before, you can click on column

headings to sort the responses in various ways, to help identify interesting

cases.

Figure 13-8:  Results from fuzzing a single request

From an initial look at the results, it strongly appears that the application is

vulnerable to SQL injection. In payload positions 2 and 3, when a single quo-

tation mark is submitted, the application returns an HTTP 500 status code and

a message containing the string 

ODBC

. This behavior definitely warrants some

manual investigation to confirm and exploit the bug.

T I P

Download 5,76 Mb.

Do'stlaringiz bilan baham: