ABSTRACT

This chapter deals with the subject of web application penetration testing. Intercepting tools such as Paros Proxy and the Tamper Data browser add-on let a tester modify requests after the browser has sent them, which can be used, for example, to manipulate the results of online polls. While Firebug was originally created as a web developer's tool, creative penetration testers have used it to find many cross-site scripting and cross-site request forgery vulnerabilities. Firebug is also useful for finding ways to break client-side input validation in target web pages or web applications, since anything enforced only in the browser can be changed before the request leaves it. To understand how an SQL injection attack works, it is necessary to understand what information is sent when a user enters their username and password into a form, and how that information ends up inside the query the server runs. Server-side validation is a countermeasure against malicious input (e.g., changing the price as shown in the first part of this chapter), SQL injection, and XSS. While ordinary users do not normally have direct access to the database, storing passwords as salted hashes rather than in clear text is a small.
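The login-form injection and the two countermeasures named above (parameterized queries and salted password hashes), as an added example that is not code from the chapter. It uses an in-memory SQLite database and a constructed sample account; the table layout, the function names and the PBKDF2 parameters are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample account for the demonstration (not from the chapter).
USERNAME = "alice"
PASSWORD = "correct horse battery staple"

# Classic login-bypass payload: closes the quoted username, adds an
# always-true condition, and comments out the password check.
INJECTION = "' OR '1'='1' --"


def make_vulnerable_db():
    """Table that stores plaintext passwords; queried by string concatenation."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (USERNAME, PASSWORD))
    return conn


def vulnerable_login(conn, username, password):
    """The form fields are spliced straight into the SQL text, so a quote
    character in either field changes the structure of the query."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def hash_password(password, salt=None, iterations=200_000):
    """Return 'salt$iterations$digest' using PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex() + "$" + str(iterations) + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, iterations, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_hardened_db():
    """Table that stores only salted hashes, never the password itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (USERNAME, hash_password(PASSWORD)))
    return conn


def hardened_login(conn, username, password):
    """The username is bound as a parameter, so it is data, not SQL; the
    password is checked against the stored salted hash in application code."""
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0])


def demo():
    """Run the valid credentials and the injection payload against both versions."""
    vuln = make_vulnerable_db()
    hard = make_hardened_db()
    return {
        "vuln_valid": vulnerable_login(vuln, USERNAME, PASSWORD),
        "vuln_injected": vulnerable_login(vuln, INJECTION, "anything"),
        "hard_valid": hardened_login(hard, USERNAME, PASSWORD),
        "hard_injected": hardened_login(hard, INJECTION, "anything"),
        "hard_wrong_password": hardened_login(hard, USERNAME, "wrong"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Only the vulnerable version accepts the injected username: the concatenated query becomes `... WHERE username = '' OR '1'='1' --' AND password = 'anything'`, which is true for every row. In the hardened version the same string is looked up literally as a username, finds nothing, and the stored salted hash means that even a successful read of the table would not hand an attacker usable passwords.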