O'Reilly logo

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition by Marcus Pinto, Dafydd Stuttard

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Questions

Answers can be found at http://mdsec.net/wahh.

  1. While probing for SQL injection vulnerabilities, you request the following URL:
    https://wahh-app.com/list.aspx?artist=foo'+having+1%3d1--

    You receive the following error message:

    Server: Msg 170, Level 15, State 1, Line 1
    Line 1: Incorrect syntax near 'having1'.

    What can you infer from this? Does the application contain any exploitable condition?

  2. While you are performing fuzz testing of various parameters, an application returns the following error message:
    Warning: mysql_connect() [function.mysql-connect]: Access denied for
    user 'premiumdde'@'localhost' (using password: YES) in
    /home/doau/public_html/premiumdde/directory on line 15
    Warning: mysql_select_db() [function.mysql-select-db]: Access denied
    for user 'nobody'@'localhost' (using password: NO) in
    /home/doau/public_html/premiumdde/directory on line 16
    Warning: mysql_select_db() [function.mysql-select-db]: A link to
    the server could not be established in
    /home/doau/public_html/premiumdde/directory on line 16
    Warning: mysql_query() [function.mysql-query]: Access denied for
    user 'nobody'@'localhost' (using password: NO) in
    /home/doau/public_html/premiumdde/directory on line 448

    What useful items of information can you extract from this?

  3. While mapping an application, you discover a hidden directory on the server that has directory listing enabled and appears to contain a number of old scripts. Requesting one of these scripts returns the following error message: ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required