
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard

Questions

Answers can be found at http://mdsec.net/wahh.

  1. A network device provides a web-based interface for performing device configuration. Why is this kind of functionality often vulnerable to OS command injection attacks?
  2. You are testing the following URL:
    http://wahh-app.com/home/statsmgr.aspx?country=US

    Changing the value of the country parameter to foo results in this error message:

    Could not open file: D:\app\default\home\logs\foo.log (invalid file).

    What steps could you take to attack the application?

  3. You are testing an AJAX application that sends data in XML format within POST requests. What kind of vulnerability might enable you to read arbitrary files from the server's filesystem? What prerequisites must be in place for your attack to succeed?
  4. You make the following request to an application that is running on the ASP.NET platform:
    POST /home.aspx?p=urlparam1&p=urlparam2 HTTP/1.1
    Host: wahh-app.com
    Cookie: p=cookieparam
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 15
    
    p=bodyparam

    The application executes the following code:

    String param = Request.Params["p"];

    What value does the param variable have?

  5. Is HPP a prerequisite for HPI, or vice versa?
  6. An application contains a function that proxies requests to external domains and returns the responses from those requests. To prevent server-side redirection attacks from retrieving protected resources on the application's own web server, the application blocks requests targeting localhost or 127.0.0.1. ...
