360 Chapter 11 ■ Attacking Application Logic
evidence within the audit trail that could identify them as responsible. The
steps required are:
1. Log in using your own account, and create a second user account.
2. Assign all of your privileges to the new account.
3. Use the new account to perform a malicious action of your choice.
4. Use the new account to delete all of the audit log entries generated by
the first three steps.
Each of these actions generates entries in the audit log. However, in the last
step, the attacker deletes all of the entries created by the preceding actions. The
audit log now contains a single suspicious entry, indicating that some log
entries were deleted by a specific user — that is, by the new user account that
was created by the attacker. However, because the previous log entries have
been deleted, there is nothing in the logs to link the attacker to anything
suspicious. The perfect crime.
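The four steps above, replayed against a constructed in-memory audit log as an added example (not code from the book); the account names, action names and the `protect_provenance` option are assumptions. With the option off, the log ends as the text describes; with it on, account-creation and privilege entries cannot be deleted, so the deleting account still traces back to its creator.

```python
# Added example: constructed model, all names are hypothetical.
from dataclasses import dataclass, field

PROTECTED = {"create_user", "assign_privileges", "delete_log_entries"}

@dataclass
class AuditLog:
    protect_provenance: bool  # False reproduces the behaviour in the text
    entries: list = field(default_factory=list)
    _seq: int = 0

    def record(self, actor, action, target=None):
        self._seq += 1
        self.entries.append({"id": self._seq, "actor": actor,
                             "action": action, "target": target})
        return self._seq

    def delete(self, actor, ids):
        """Delete entries by id; the deletion itself is always logged."""
        def removable(e):
            if e["id"] not in ids:
                return False
            return not (self.protect_provenance and e["action"] in PROTECTED)
        self.entries = [e for e in self.entries if not removable(e)]
        self.record(actor, "delete_log_entries", sorted(ids))

def run_scenario(log):
    """Replay the four steps from the text against the given log."""
    ids = [log.record("alice", "login"),
           log.record("alice", "create_user", "tmp_admin"),
           log.record("alice", "assign_privileges", "tmp_admin"),
           log.record("tmp_admin", "privileged_action")]
    log.delete("tmp_admin", ids)
    return log

def trace_to_creator(log, account):
    """Follow surviving create_user entries back from an account."""
    chain = [account]
    while True:
        parent = next((e["actor"] for e in log.entries
                       if e["action"] == "create_user"
                       and e["target"] == chain[-1]), None)
        if parent is None or parent in chain:
            return chain
        chain.append(parent)
```

Protecting provenance entries preserves attribution only: the entry for the action in step 3 is still removed in this model, which an append-only log would prevent.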
NOTE