The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard

Questions

Answers can be found at http://mdsec.net/wahh.

  1. While mapping an application, you encounter the following URL:
    https://wahh-app.com/CookieAuth.dll?GetLogon?curl=Z2Fdefault.aspx

    What information can you deduce about the technologies employed on the server and how it is likely to behave?

  2. The application you are targeting implements web forum functionality. Here is the only URL you have discovered:
    http://wahh-app.com/forums/ucp.php?mode=register

    How might you obtain a listing of forum members?

  3. While mapping an application, you encounter the following URL:
    https://wahh-app.com/public/profile/Address.asp?action=view&location=default

    What information can you infer about server-side technologies? What can you conjecture about other content and functionality that may exist?

  4. A web server's responses include the following header:
    Server: Apache-Coyote/1.1

    What does this indicate about the technologies in use on the server?

  5. You are mapping two different web applications, and you request the URL /admin.cpf from each application. The response headers returned by each request are shown here. From these headers alone, what can you deduce about the presence of the requested resource within each application?
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Expires: Mon, 20 Jun 2011 14:59:21 GMT
    Content-Location: http://wahh-app.com/includes/error.htm?404;http://wahh-app.com/admin.cpf
    Date: Mon, 20 Jun 2011 14:59:21 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Content-Length: ...
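The header set in question 5 is the kind of thing worth scripting rather than eyeballing during a content-discovery sweep: a server can answer 200 OK for a resource it does not have while a Content-Location header points at its custom error page with the real status code and the originally requested URL encoded in the query string. The following helper is an added example, not code from the book or its answer key. It parses a raw response head and reports the original target when that "200 but really 404" pattern is present. The first sample response is the header block printed in question 5 (Content-Length left elided as on the page); the second is a constructed contrast case and is not the second application's response, which the page does not show.

```python
"""Flag a 'soft 404': a 200 OK whose Content-Location reveals a 404 error page.

Added example for question 5 (not from the book). The heuristic relies on the
IIS custom-error convention of Content-Location ending in '?<status>;<original URL>'.
"""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Response head printed in question 5 of the chapter.
IIS_SOFT_404 = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Expires: Mon, 20 Jun 2011 14:59:21 GMT
Content-Location: http://wahh-app.com/includes/error.htm?404;http://wahh-app.com/admin.cpf
Date: Mon, 20 Jun 2011 14:59:21 GMT
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: ...
"""

# Constructed contrast case: an ordinary 200 with no error-page indicator.
# This is NOT the second application's response from the question.
PLAIN_200 = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Type: text/html
Content-Length: 512
"""


def parse_head(raw: str) -> Tuple[int, Dict[str, str]]:
    """Return (status code, header dict with lower-cased names) from a raw response head."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    parts = lines[0].split(None, 2)  # "HTTP/1.1 200 OK" -> version, status, reason
    status = int(parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def soft_404_target(raw: str, requested_path: str) -> Optional[str]:
    """If a 200 response is really a custom error page for a missing resource,
    return the URL the server recorded as the original request; otherwise None.

    Conditions: status is 200, Content-Location names a path other than the one
    requested, and its query starts with a 4xx code followed by ';<original URL>'.
    """
    status, headers = parse_head(raw)
    location = headers.get("content-location")
    if status != 200 or not location:
        return None
    parts = urlsplit(location)
    if parts.path == requested_path:
        return None  # server is just echoing the real location of the resource
    code, sep, original = parts.query.partition(";")
    if sep and code.isdigit() and 400 <= int(code) < 500:
        return original or None
    return None


def is_soft_404(raw: str, requested_path: str) -> bool:
    """True when the 200 response should be treated as 'resource not present'."""
    return soft_404_target(raw, requested_path) is not None


if __name__ == "__main__":
    print(soft_404_target(IIS_SOFT_404, "/admin.cpf"))  # http://wahh-app.com/admin.cpf
    print(is_soft_404(PLAIN_200, "/admin.cpf"))         # False
```

When brute-forcing paths, run every 200 response through a check like this before treating it as a hit; otherwise a server configured this way makes every guessed name look like it exists.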
