The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Chapter 10, “Exploiting Path Traversal,” examines a small but important

category of vulnerabilities that arise when user input is passed to file system

APIs in an unsafe way, enabling an attacker to retrieve or modify arbitrary

files on the web server. We describe various bypasses that may be effective

against the defenses commonly implemented to prevent path traversal

attacks.

Chapter 11, “Attacking Application Logic,” examines a significant, and fre-

quently overlooked, area of every application’s attack surface: the internal

logic which it carries out to implement its functionality. Defects in an applica-

tion’s logic are extremely varied and are harder to characterize than common

vulnerabilities like SQL injection and cross-site scripting. For this reason, we

present a series of real-world examples where defective logic has left an appli-

cation vulnerable, and thereby illustrate the variety of faulty assumptions

made by application designers and developers. From these different individ-

ual flaws, we w derive a series of specific tests that you can perform to locate

many types of logic flaws that often go undetected.

Chapter 12, “Attacking Other Users,” covers a large and very topical area of

related vulnerabilities which arise when defects within a web application can

enable a malicious user of the application to attack other users and compro-

mise them in various ways. The largest vulnerability of this kind is cross-site

scripting, a hugely prevalent flaw affecting the vast majority of web applica-

tions on the Internet. We examine in detail all of the different flavors of XSS

vulnerabilities, and describe an effective methodology for detecting and

exploiting even the most obscure manifestations of these. We then look at sev-

eral other types of attacks against other users, including redirection attacks,

HTTP header injection, frame injection, cross-site request forgery, session fixa-

tion, exploiting bugs in ActiveX controls, and local privacy attacks.

Chapter 13, “Automating Bespoke Attacks,” does not introduce any new

categories of vulnerability, but instead, describes a crucial technique which

you need to master to attack web applications effectively. Because every web

application is different, most attacks are bespoke (or custom-made) in some

way, tailored to the application’s specific behavior and the ways you have dis-

covered to manipulate it to your advantage. They also frequently require issu-

ing a large number of similar requests and monitoring the application’s

responses. Performing these requests manually is extremely laborious and one

is prone to make mistakes. To become a truly accomplished web application

hacker, you need to automate as much of this work as possible, to make your

bespoke attacks easier, faster, and more effective. In this chapter, we describe

in detail a proven methodology for achieving this.

Chapter 14, “Exploiting Information Disclosure,” examines various ways in

which applications leak information when under active attack. When you are

performing all of the other types of attacks described in this book, you should

always monitor the application to identify further sources of information

Download 5,76 Mb.

Do'stlaringiz bilan baham: