HACK STEPS
■ Review the results of your application mapping exercises (see Chapter 4) to identify all server-side functionality and client-side data that may be used to obtain useful information.
■ Identify any locations within the application where sensitive data such as passwords or credit card details are transmitted back from the server to the browser. Even if these are masked on-screen, they are still of course viewable within the server’s response. If you have found another suitable vulnerability, for example within access controls or session han-
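As an added example (not from the book) for the second step, the following script audits a captured server response for the two cases the step describes: password inputs the server has pre-filled (masked on-screen, but present in the HTML) and card-number-like digit strings that pass the Luhn check. The HTML response body is constructed sample input, and the field names and values in it are assumptions.

```python
"""Audit an HTTP response body for sensitive data echoed back to the browser."""
import re
from html.parser import HTMLParser

# Constructed sample response: one pre-filled password field, one card number
# in a hidden field, and one card number embedded in inline JavaScript.
SAMPLE_RESPONSE = """<html><body>
<form action="/account/update" method="post">
  <input type="text" name="username" value="alice">
  <input type="password" name="password" value="s3cret!">
  <input type="hidden" name="card" value="4111 1111 1111 1111">
</form>
<script>var cc = "4242424242424242";</script>
</body></html>"""

def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class _FieldScanner(HTMLParser):
    """Collect names of <input type="password"> elements with a non-empty value."""
    def __init__(self):
        super().__init__()
        self.prefilled_passwords = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password" and a.get("value"):
            self.prefilled_passwords.append(a.get("name", "?"))

# 13 to 19 digits, optionally separated by spaces or dashes, not inside a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def audit_response(body):
    """Return the pre-filled password fields and Luhn-valid card numbers found in body."""
    scanner = _FieldScanner()
    scanner.feed(body)
    cards = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            cards.append(digits)
    return {"prefilled_password_fields": scanner.prefilled_passwords,
            "card_numbers": cards}

if __name__ == "__main__":
    print(audit_response(SAMPLE_RESPONSE))
```

Run against real captured responses, the same checks point to the exact pages and fields a fix (blank the value attribute, mask server-side) needs to cover.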