The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

can only be used to issue requests to the same domain as the page that is invoking it. Without this restriction, Ajax could be used to trivially violate the browser’s same origin policy, by enabling applications to retrieve and process data from a different domain.

Chaining XSS and Other Attacks

XSS flaws can sometimes be chained with other vulnerabilities to devastating effect. The authors encountered an application that had a stored XSS vulnerability within the user’s display name. The only purpose for which this item was used was to show a personalized welcome message after the user logged in. The display name was never displayed to other application users, so there initially appeared to be no attack vector for users to cause problems by editing their own display name. Other things being equal, the vulnerability would be classified as very low risk.

70779c12.qxd:WileyRed  9/14/07  3:14 PM  Page 390




However, a second vulnerability existed within the application. Defective access controls meant that any user could edit the display name of any other user. Again, on its own, this issue had minimal significance: Why would an attacker be interested in changing the display name of other users?

Chaining these two low-risk vulnerabilities together enabled an attacker to completely compromise the application. It was trivial to automate an attack to inject a script into the display name of every application user. This script executed every time a user logged in to the application, and transmitted the user’s session token to a server owned by the attacker. Some of the application’s users were administrators, who logged in frequently and had the ability to create new users and modify the privileges of other users. An attacker simply had to wait for an administrator to log in, hijack the administrator’s session, and then upgrade their own account to have administrative privileges. The two vulnerabilities together represented a critical risk to the security of the application.
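The two defects described above, the missing ownership check on the display-name update and the unencoded welcome banner, each shown beside its fix. This is an added example written in Python; it is not code from the book, and the in-memory user store, the function names and the marker string `<script>x</script>` are constructed for illustration.

```python
import html
from dataclasses import dataclass


@dataclass
class User:
    username: str
    display_name: str
    is_admin: bool = False


def make_store() -> dict:
    """Constructed in-memory store standing in for the application's user table."""
    return {
        "admin": User("admin", "Administrator", is_admin=True),
        "mallory": User("mallory", "Mallory"),
    }


# Defect 1: the handler never checks that the caller owns the profile being
# edited, so any authenticated user can rewrite any other user's display name.
def update_display_name_vulnerable(caller: str, target: str, new_name: str, users: dict) -> None:
    users[target].display_name = new_name


# Fix 1: enforce ownership server-side; only the owner (or an administrator)
# may change a given user's display name.
def update_display_name_fixed(caller: str, target: str, new_name: str, users: dict) -> None:
    if caller != target and not users[caller].is_admin:
        raise PermissionError(f"{caller} may not edit the profile of {target}")
    users[target].display_name = new_name


# Defect 2: the stored name is interpolated into HTML verbatim, so a name that
# contains markup becomes stored XSS executed in the browser of whoever logs in.
def welcome_html_vulnerable(username: str, users: dict) -> str:
    return f"<p>Welcome, {users[username].display_name}!</p>"


# Fix 2: encode the value for the HTML context it is rendered in. With both
# fixes applied, neither low-risk issue exists, so the chain cannot be built.
def welcome_html_fixed(username: str, users: dict) -> str:
    return f"<p>Welcome, {html.escape(users[username].display_name, quote=True)}!</p>"


def chain_blocked(users: dict) -> bool:
    """True when mallory can neither edit admin's name nor get markup rendered raw."""
    try:
        update_display_name_fixed("mallory", "admin", "<script>x</script>", users)
        return False
    except PermissionError:
        return "<script>" not in welcome_html_fixed("admin", users)
```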
