The Functionality
The application implemented various functions enabling helpdesk personnel
and administrators to support and manage a large user base. Many of these
functions were security-sensitive, including the creation of accounts and the
resetting of passwords. Hence, the application maintained a full audit trail,
recording every action performed and the identity of the user responsible.
The application included a function allowing administrators to delete audit
trail entries. However, to protect this function from being maliciously exploited,
any use of the function was itself recorded, so the audit trail would indicate the
identity of the user responsible.
The Assumption
The designers of the application believed that it would be impossible for a
malicious user to perform an undesirable action without leaving some evidence
in the audit trail that would link them to the action. An attempt by an
administrator to cleanse the audit logs altogether would always leave one last
entry that would point the finger of suspicion at them.
The Attack
The designers’ assumption was flawed, and it was possible for a malicious
administrative user to carry out arbitrary actions without leaving any