tailieunhanh - Hacking Exposed ™ Web 2.0 phần 9
.2. Kẻ tấn công sau đó tải các khung khai thác trình duyệt (thịt bò tại www . / tools / thịt bò / vào trình duyệt của nạn nhân như thể nó đã được bao gồm từ các trang web dễ bị tổn thương. Điều này sẽ cho phép khai thác linh hoạt hơn, thời gian thực, các nạn nhân , | 198 Hacking Exposed Web The ActiveX technology was introduced by Microsoft in the 1990s to allow developers to do more with their web applications. ActiveX is often used when a rich set of functionality is required on a Windows machine such as patch installation Windows Update multimedia Flash WMP QT and document viewing Acrobat . ActiveX control components are downloaded to user s browser and or operating system and integrates with a web application. Traditional web applications Web might require Win32 clients on the operating system OS for an ideal user experience however Web trends involve clients running in the browser rather than the OS. As sites move away from the thick clients solely on the OS web applications are relying on ActiveX controls that will still depend on the OS but now reside inside the browser itself. Using some type of client with a web application is becoming more popular as applications try to do more on the web than simply display static content. ActiveX is a Component Object Model COM object. COM is used to enable interprocess communications IPC through various parts of the OS and its applications. COM also is used for intraprocess communication meaning the control is loaded in-process. The latter is the most common usage scenario for ActiveX controls. COM is used with ActiveX primarily because it provides a common interface for interacting with arbitrary objects. ActiveX objects allows a program to self-register add registry file system entries and automatically run. Essentially COM objects allow methods and interfaces to be called from one application to another without them having to know the ins and outs of the application itself. A simple example of COM is allowing Microsoft Word to incorporate data from MS Excel in real-time with no copying and pasting required . Unlike many items that are downloaded via a browser ActiveX controls have access to the Windows operating system. Since ActiveX is a COM object the currently .
đang nạp các trang xem trước