The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 7  ■ Attacking Session Management
Because cookies are automatically resubmitted to every subdomain within their scope, when a user who is logged in browses the blogs of other users, their session token will be submitted with their requests. If blog authors are permitted to place arbitrary JavaScript within their own blogs (as is usually the case in real-world blog applications), then a malicious blogger will be able to steal the session tokens of other users in the same way as is done in a stored cross-site scripting attack (see Chapter 12).

The problem arises because user-authored blogs are created as subdomains of the main application that handles authentication and session management. There is no facility within HTTP cookies for the application to prevent cookies issued by the main domain from being resubmitted to its subdomains. (Browsers that follow RFC 6265 treat a cookie set without a Domain attribute as host-only and do not send it to subdomains; the behaviour described here applies whenever the application sets an explicit Domain attribute, and to older browsers, notably Internet Explorer, that did not honour the host-only distinction.)

The solution is to use a different domain name for the main application (for example, www.wahh-blogs.com), and scope its session token cookies to this fully qualified host name, best done by omitting the Domain attribute altogether so that the cookie is host-only. The session cookie will not then be submitted when a logged-in user browses the blogs of other users.

A different version of this vulnerability arises when an application explicitly sets the domain scope of its cookies to a parent domain. For example, suppose that a security-critical application is located at the domain sensitiveapp.wahh-organization.com. When it sets cookies, it explicitly liberalizes their domain scope, as follows:

    Set-Cookie: sessionId=12df098ad809a5219; domain=wahh-organization.com

The consequence of this is that the sensitive application's session token cookies will be submitted when a user visits every subdomain used by wahh-organization.com, including:

    www.wahh-organization.com
    testapp.wahh-organization.com

Although these other applications may all belong to the same organization as the sensitive application, it is undesirable for the sensitive application's cookies to be submitted to other applications, for several reasons:

■ The personnel responsible for the other applications may have a different level of trust than those responsible for the sensitive application.

■ The other applications may contain functionality which enables third
