Skip to Content
Becoming the Hacker
book

Becoming the Hacker

by Adrian Pruteanu
January 2019
Beginner
404 pages
8h 53m
English
Packt Publishing
Content preview from Becoming the Hacker

Chapter 6. Out-of-Band Exploitation

In the previous chapter, we looked at confirming and exploiting file inclusion attacks. The confirmation piece was straightforward, since the server immediately made it obvious that the application was vulnerable. What happens when things are not so clear? What if the server is vulnerable but does not show any indication of it when given unexpected input? When testing for the existence of, say, a SQL injection vulnerability, attackers will usually feed specially crafted values into the input and observe the application's behavior. Sometimes, if they are lucky, the server returns a bright-red SQL error message, which can indicate the existence of an injection point.

As applications and frameworks get more complex, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Tribe of Hackers Red Team

Tribe of Hackers Red Team

Marcus J. Carey, Jennifer Jin
How to Hack Like a Ghost
Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition

Gray Hat Hacking The Ethical Hacker's Handbook, Fifth Edition, 5th Edition

Daniel Regalado, Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Branko Spasojevic, Ryan Linn, Stephen Sims
Ethical Hacking

Ethical Hacking

Daniel G. Graham

Publisher Resources

ISBN: 9781788627962Supplemental Content