HACKING EXPOSED WEB APPLICATIONS, 3rd Edition

Paros Proxy, 18, 19

See also HTTP proxies

PassMark/SiteKey, 140–141

Passport, 142–146

passwords

error messages in password change, 123–124

guessing, 124–130

one-time passwords. See one-time passwords

See also authentication

patches, security, 102–103

paths, 4

PEAR/PHP XML-RPC code execution, 90–92

countermeasure, 93

penetration testing, 426–427

pen-testing, 426–427

PeopleSoft, 72–74

permissions, using Curl to map, 196–199

personally identifiable information (PII), 361

phishing, 346–348

countermeasures, 349–350

PHP

best practices, 115–117

global variables, 229–230

phpBB DoS vulnerabilities, 377–378

PHP remote inclusion, 93–95

countermeasure, 95

piggybacking, client-side, 152

PII, 361

pipe characters, 227–228

Plupii worm, 90

point-and-click exploitation, 81–84

ports

common ports used for web management, 481–482

proprietary management ports, 295, 296

POST data, manual tampering attacks against, 171–172

probability, 405

profiling

application, 40–74

banner grabbing, 29–30

BroadVision, 71–72

common web app profiles, 70–74

fingerprinting, 30–32

footprinting, 28–29

infrastructure, 28–40

Lotus Domino, 74

Oracle Application Server, 71

PeopleSoft, 72–74

search tools, 60–65

tools and techniques, 475

and username enumeration, 123

WebSphere, 74

Protected Mode IE (PMIE), 360

proxies

detecting, 36–38

HTTP, 17–23

mega-proxies, 385

reverse, 36–37

standard connect test, 37

standard proxy request, 37–38
