The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard


Gathering Published Information

Aside from the disclosure of useful information within error messages, the other primary way in which web applications give away sensitive data is by actually publishing it directly. There are various reasons why an application may publish information that an attacker can use:

  • By design, as part of the application's core functionality
  • As an unintended side effect of another function
  • Through debugging functionality that remains present in the live application
  • Because of some vulnerability, such as broken access controls

Here are some examples of potentially sensitive information that applications often publish to users:

  • Lists of valid usernames, account numbers, and document IDs
  • User profile details, including user roles and privileges, date of last login, and account status
  • The current user's password (typically echoed into a masked password field, so it is hidden on screen but readable in the page source)
  • Log files containing information such as usernames, URLs, actions performed, session tokens, and database queries
  • Application details in client-side HTML source, such as commented-out links or form fields, and comments about bugs
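The last three items in that list can be checked mechanically by reviewing the server's HTML responses rather than the rendered page. The following scanner is an added example (not code from the book): it walks a page's source and flags HTML comments that mention links, form fields, or debugging chatter, password inputs that arrive pre-filled from the server, and hidden form fields, which are a common carrier of role and privilege data. The sample page it runs against is constructed for the example; the paths, field names, and password in it are invented.

```python
import re
from html.parser import HTMLParser


class DisclosureScanner(HTMLParser):
    """Collect client-side disclosures from raw HTML source.

    Findings are (kind, detail) tuples:
      comment             - an HTML comment containing links, markup, or
                            developer notes (TODO/FIXME/bug/debug/password)
      prefilled_password  - an <input type="password"> whose value attribute
                            is populated by the server (masked on screen,
                            readable in the source)
      hidden_field        - any <input type="hidden"> with its value, since
                            roles, prices and account flags often live here
    """

    COMMENT_KEYWORDS = re.compile(
        r"(href=|<form|<input|todo|fixme|bug|hack|debug|password)", re.I
    )

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        # html.parser strips the <!-- --> delimiters before calling this
        if self.COMMENT_KEYWORDS.search(data):
            self.findings.append(("comment", " ".join(data.split())))

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing <input .../> via handle_startendtag
        if tag != "input":
            return
        a = dict(attrs)
        input_type = (a.get("type") or "text").lower()
        name = a.get("name") or "?"
        if input_type == "password" and a.get("value"):
            self.findings.append(("prefilled_password", name))
        elif input_type == "hidden":
            self.findings.append(("hidden_field", f"{name}={a.get('value') or ''}"))


def scan_html(source):
    """Return the list of (kind, detail) findings for one HTML document."""
    parser = DisclosureScanner()
    parser.feed(source)
    parser.close()
    return parser.findings


# Constructed sample response (not a real application); it contains one
# example of each disclosure type discussed above.
SAMPLE_PAGE = """<html><body>
<!-- TODO: remove old admin link before go-live: <a href="/admin/old_console.jsp"> -->
<form action="/account/update" method="post">
  <input type="hidden" name="role" value="user">
  <input type="text" name="username" value="jsmith">
  <input type="password" name="password" value="Summer2011!">
  <!-- <input type="checkbox" name="is_admin"> disabled pending bug fix -->
  <input type="submit" value="Save">
</form>
</body></html>"""


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(f"{kind:20s} {detail}")
```

In practice you would feed it the raw bodies captured by your intercepting proxy during the mapping exercise, one response at a time; every `prefilled_password` hit is worth following up on, since the server is sending the user's current password back to the browser, and each `hidden_field` is a candidate for tampering in the access-control tests later in the chapter.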

HACK STEPS

  1. Review the results of your application mapping exercises (see Chapter 4) to identify all server-side functionality and client-side data that may be used to obtain useful information.
  2. Identify any locations within the application where sensitive data such as passwords or credit card details are transmitted from the server to the browser. Even ...
