Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri
Author:Simone Onofri & Donato Onofri
Language: eng
Format: epub
Publisher: Packt
Published: 2023-10-15T00:00:00+00:00
Starting the dynamic analysis process
According to Olivier Laflammeâs article, the vulnerable page is the one that provides network reachability tests. This page can be accessed via http://192.168.8.1/#/ping.
The vulnerable parameters are ping_addr and trace_addr, which are used to determine the host or address to reach.
Unfortunately, these parameters can be manipulated to include additional commands beyond what the application initially intended. This is because the parameter is used in a command-line call, and the semicolon (;) can queue up extra commands.
Letâs check whether the vulnerability is still there:
From Burpâs Chromium, visit http://192.168.8.1/#/ping. Once the page loads, enable Intercept and, in the browser, enter 192.168.8.1 as the address to test. Then, click Ping:
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Cryptography | Encryption |
| Hacking | Network Security |
| Privacy & Online Safety | Security Certifications |
| Viruses |
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6184)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(5878)
Machine Learning Security Principles by John Paul Mueller(5863)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(5524)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5508)
Solidity Programming Essentials by Ritesh Modi(3824)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3472)
Mastering Python for Networking and Security by José Manuel Ortega(3314)
Future Crimes by Marc Goodman(3303)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3302)
Blockchain Basics by Daniel Drescher(3266)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3183)
Learn Computer Forensics - Second Edition by William Oettinger(2976)
Mobile App Reverse Engineering by Abhinav Mishra(2859)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2831)
The Code Book by Simon Singh(2767)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2755)
Incident Response with Threat Intelligence by Roberto Martínez(2672)
The Art Of Deception by Kevin Mitnick(2577)
