6.5 |
Impersonation Functionality ........................................................................................ 118 |
|
6.6 |
Other issues ......................................................................................................................... 119 |
|
6.7 |
Authorization ...................................................................................................................... 119 |
|
6.8 |
Attack Execution-data stores ....................................................................................... 121 |
|
6.9 |
SQL injection ....................................................................................................................... 122 |
|
6.9.1 |
Attack Select statement ...................................................................................... 123 |
|
6.9.2 |
Attack insert ............................................................................................................. 123 |
|
6.9.3 |
Attack update statement .................................................................................... 123 |
|
6.9.4 |
Attacking Delete statement ............................................................................... 124 |
|
6.9.5 |
Attacking Using UNION ....................................................................................... 124 |
|
6.10 |
NO SQL injection ............................................................................................................... 125 |
|
6.11 |
XPath injection ................................................................................................................... 126 |
|
6.12 |
LDAP injection .................................................................................................................... 127 |
|
6.13 |
Attack Execution-Business Logic ................................................................................ 128 |
|
6.14 |
Web application Cross Site Scripting ( XSS ) ............................................................. 130 |
|
6.15 |
Echo or reflection based XSS ........................................................................................ 131 |
|
6.16 |
Stored script attack .......................................................................................................... 132 |
|
6.17 |
Data Object Model Based XSS ...................................................................................... 134 |
|
6.18 |
QUIZ : ...................................................................................................................................... 136 |
|
Chapter 7 |
Attack execution ( 3 ) ............................................................................................. 138 |
|
7.1 |
Attack webserver operating system .......................................................................... 139 |
|
7.2 |
Attack File system ............................................................................................................. 141 |
|
7.3 |
Inclusion method .............................................................................................................. 141 |
|
7.4 |
Path traversal method .................................................................................................... 143 |
|
7.5 |
Attack Mail service ........................................................................................................... 144 |
|
7.6 |
Header Juggling ................................................................................................................. 144 |
|
7.7 |
SMTP command injection .............................................................................................. 146 |
|
7.8 |
Attack XML ........................................................................................................................... 148 |
|
7.9 |
Attack SOAP Services ....................................................................................................... 149 |
|
7.10 |
Attack Checklist ................................................................................................................. 150 |
|
7.11 |
Evade Logging ..................................................................................................................... 152 |
|
7.11.1 |
Web Server Logs ..................................................................................................... 153 |
|
7.11.2 |
Escape logging :........................................................................................................ 153 |
|
7.11.3 |
Clearing logs :............................................................................................................ 154 |
|