We have seen in this chapter that CGI programs and scripts run on the server side, act as an intermediary between the Web server and the outside world, and are used very widely on sites across the Web,

Chapter 6: Code Auditing and Reverse Engineering

automatic variable expansion or garbage collection exists to make your life easier.

Note: Technically, various C++ classes do handle automatic variable expansion (making the variable larger when there is too much data to put in it) and garbage collection. But such classes are not really standard and vary widely in features. C does not use such classes.

C/C++ can prove mighty challenging for you to thoroughly audit, due to the extensive control an application has and the number of things that could potentially go wrong. My best advice is to take a deep breath and plow forth, tackling as much as you can in the process.

Reviewing ColdFusion

ColdFusion is an inline, HTML-embedded scripting language by Allaire. Similar to JSP, ColdFusion scripting looks much like HTML tags, therefore you need to be careful that you don't overlook anything nestled away inside what appears to be benign HTML markup. ColdFusion is a highly database-centric language; its core functionality is mostly comprised of database access, formatted record output, and light string manipulation and calculation. But ColdFusion is extensible via various means (Java beans, external programs, objects, and so on), so you must always keep tabs on what external functionality ColdFusion scripts may be using. You can find more information on ColdFusion in Chapter 10.

Looking for Vulnerabilities

What follows is a collection of problem areas and the specific ways you can look for them. The majority of the problem areas are all based on a single principle: use of a function that interacts with user-supplied data. Realistically, you will want to look at every such function, but doing so may require too much time.
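As an added illustration of that principle (example code written for this edit, not from the book): in C nothing grows a fixed-size buffer for you, so a call such as strcpy() that feeds user-supplied data into a char array is exactly the kind of function an auditor flags. The checked variant beside it is the form to expect after a fix; the function names and the NAME_MAX size are this example's own choices.

```c
/* Added example, not from the book: fixed-size buffer handling in C. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16  /* assumed buffer size for this example */

/* The pattern an auditor flags: strcpy() copies until the NUL byte no
   matter how large the destination is, so any input of NAME_MAX bytes
   or more writes past the end of dst. Shown only to mark the pattern;
   this file never calls it with oversized input. */
static void copy_name_unchecked(char dst[NAME_MAX], const char *user_input) {
    strcpy(dst, user_input); /* writes strlen(user_input) + 1 bytes */
}

/* Hardened form: measure first, reject input that cannot fit including
   its terminator, and always leave dst NUL-terminated.
   Returns true on success, false if the input was too long. */
static bool copy_name_checked(char dst[NAME_MAX], const char *user_input) {
    size_t len = strlen(user_input);
    if (len >= NAME_MAX) {   /* no room for the trailing NUL */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, user_input, len + 1);
    return true;
}

/* Review helper: does this input fit a buffer of buf_size bytes?
   Handy when walking call sites that feed a fixed array. */
static bool fits_in_buffer(const char *user_input, size_t buf_size) {
    return strlen(user_input) < buf_size;
}

int main(void) {
    char name[NAME_MAX];
    /* constructed sample inputs */
    const char *short_input = "alice";
    const char *long_input = "a-name-much-longer-than-sixteen-bytes";

    copy_name_unchecked(name, short_input); /* safe only because input is short */
    printf("unchecked copy: %s\n", name);
    printf("checked copy of long input accepted? %s\n",
           copy_name_checked(name, long_input) ? "yes" : "no (rejected)");
    printf("long input fits? %s\n",
           fits_in_buffer(long_input, NAME_MAX) ? "yes" : "no");
    return 0;
}
```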
So we have compiled a list of the higher-risk functions that remote attackers have been known to use to take advantage of Web applications. Because the attacker will masquerade as a user, we only need to look at areas in