Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri
Author:Simone Onofri & Donato Onofri
Language: eng
Format: epub
Publisher: Packt
Published: 2023-10-15T00:00:00+00:00
Starting the dynamic analysis process
According to Olivier Laflammeâs article, the vulnerable page is the one that provides network reachability tests. This page can be accessed via http://192.168.8.1/#/ping.
The vulnerable parameters are ping_addr and trace_addr, which are used to determine the host or address to reach.
Unfortunately, these parameters can be manipulated to include additional commands beyond what the application initially intended. This is because the parameter is used in a command-line call, and the semicolon (;) can queue up extra commands.
Letâs check whether the vulnerability is still there:
From Burpâs Chromium, visit http://192.168.8.1/#/ping. Once the page loads, enable Intercept and, in the browser, enter 192.168.8.1 as the address to test. Then, click Ping:
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Cryptography | Encryption |
| Hacking | Network Security |
| Privacy & Online Safety | Security Certifications |
| Viruses |
Future Crimes by Marc Goodman(3025)
Mastering Python for Networking and Security by José Manuel Ortega(3003)
Blockchain Basics by Daniel Drescher(2928)
Practical Threat Detection Engineering by Megan Roddie & Jason Deyalsingh & Gary J. Katz(2849)
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(2681)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2539)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2510)
Machine Learning Security Principles by John Paul Mueller(2415)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(2404)
The Art Of Deception by Kevin Mitnick(2325)
The Code Book by Simon Singh(2250)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(2087)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(2078)
Solidity Programming Essentials by Ritesh Modi(2013)
Hands-On AWS Penetration Testing with Kali Linux by Benjamin Caudill & Karl Gilbert(1919)
Wireless Hacking 101 by Karina Astudillo(1872)
DarkMarket by Misha Glenny(1865)
Applied Network Security by Arthur Salmon & Michael McLafferty & Warun Levesque(1855)
Mobile Forensics Cookbook by Igor Mikhaylov(1828)
