Hacking: The Next Generation by Nitesh Dhanjani;Billy Rios;Brett Hardin

Author:Nitesh Dhanjani;Billy Rios;Brett Hardin
Format: mobi
Tags: COMPUTERS / Security / General
Publisher: O'Reilly Media
Published: 2009-08-28T23:00:00+00:00


Ignoring the fact that the credentials could possibly be sent to a clear-text email account, one piece of the message is particularly interesting from a security standpoint. SalesForce.com not only provides the username and password for the newly created account, but it also provides a link that passes the username and password in the URL. Figure 5-21 shows the username and password being provided in the URL.

Figure 5-21. SalesForce.com username and password in link

Passing sensitive data in URLs raises some unique security challenges. One potential issue is that Google (or some other search engine) may cache the sensitive data. A basic understanding of how to craft a Google query comes in handy here. The attacker is looking for two things: pw= in the query string, and results filtered to the SalesForce.com domain. Here is the resulting Google query:

http://www.google.com/search?q=inurl:%22pw%3D%22+site:salesforce.com&hl=en&filter=0
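
A site owner can check for the same exposure from the inside: any URL that carries a password is also written to the web server's access log, both as the request target and as the Referer of the next request. The following Python sketch is an added example, not code from the book; it scans Combined Log Format lines for secret-bearing query parameters and emits redacted copies. Only `pw` comes from the text above; the other parameter names, the `un` username parameter, and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumption: parameter names treated as secrets. "pw" is the one the text
# searches for; the others are common names added for illustration.
SENSITIVE = {"pw", "pwd", "pass", "passwd", "password", "token", "sessionid"}

# Combined Log Format: "METHOD target PROTO" status size "referer" ...
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact_url(url):
    """Return (redacted_url, sorted sensitive parameter names found in it)."""
    parts = urlsplit(url)
    found, pairs = set(), []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            found.add(key.lower())
            value = "REDACTED"
        pairs.append((key, value))
    if not found:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)

def scan(lines):
    """Yield (line_no, field, redacted_url, names) for every exposure."""
    for no, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue
        for field in ("target", "referer"):
            redacted, names = redact_url(m.group(field))
            if names:
                yield no, field, redacted, names

# Constructed sample log lines (hosts, paths and values are made up).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login.jsp?un=alice%40example.com&pw=S3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /home HTTP/1.1" 200 512 "https://app.example.com/login.jsp?un=alice%40example.com&pw=S3cret" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /help?topic=pw-reset HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The third sample line is left alone because `pw` appears only inside a value, not as a parameter name, which keeps the report free of the false positives a plain substring search for `pw` would produce.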


