The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws




440

Chapter 12 



Attacking Other Users




user's token, causing it to be used to make requests that the user does not intend to make.

Request forgery vulnerabilities come in two flavors: on-site and cross-site.

On-Site Request Forgery

On-site request forgery (OSRF) is a familiar attack payload for exploiting stored XSS vulnerabilities. In the MySpace worm, Samy placed a script within his profile that caused any user viewing the profile to perform various unwitting actions. What is often overlooked is that stored OSRF vulnerabilities can exist even in situations where XSS is not possible.

Consider a message board application that lets users submit items that are viewed by other users. Messages are submitted using a request like the following:

POST /submit.php
Host: wahh-app.com
Content-Length: 34

type=question&name=daf&message=foo

This request results in the following being added to the messages page (the markup was stripped from this copy of the text; it is reconstructed here from the rendered row, which shows daf and foo, and from the payload used below, so the exact image path is an inference):

<tr>
<td><img src="/images/question.gif"></td>
<td>daf</td>
<td>foo</td>
</tr>
In this situation, you would of course test for XSS flaws. However, suppose that the application is properly HTML-encoding any ", < and > characters that it inserts into the page. Having satisfied yourself that this defense cannot be bypassed in any way, you might move on to the next test.

But look again. You control part of the target of the <img> tag. Although you cannot break out of the quoted string, you can modify the URL to cause any user who views your message to make an arbitrary on-site GET request. For example, submitting the following value in the type parameter will cause anyone viewing your message to make a request that attempts to add a new administrative user:

../admin/newUser.php?username=daf2&password=0wned&role=admin#

The leading ../ steps up out of the directory the image URL points into, and the trailing # turns whatever suffix the application appends to the value into a URL fragment, which the browser never sends to the server. Nothing in the payload needs a ", < or > character, so the HTML encoding is simply irrelevant to it.
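As an added example (not from the book, and not the wahh-app.com code), the following Python models both sides of the attack just described: the message board's rendering of a submitted message, and the browser's side of reading the resulting <img> tag. The page URL, the /images/<type>.gif template and the set of legitimate type values are assumptions. It shows why HTML-encoding does not help here (the browser decodes &amp; back to & when it parses the attribute, so the encoded output yields exactly the attacker's URL), where the crafted src actually resolves once ../ and the trailing # are applied, and the fix of treating type as a selector from a fixed set rather than as material to concatenate into a URL.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Assumptions (not from the book): where the messages page lives, the template
# the application uses to pick an icon for a message type, and which types exist.
PAGE_URL = "http://wahh-app.com/messages.php"
ICON_TEMPLATE = "/images/{type}.gif"
ALLOWED_TYPES = {"question", "answer", "comment"}

# The payload from the text.
PAYLOAD = "../admin/newUser.php?username=daf2&password=0wned&role=admin#"


def render_message_vulnerable(type_, name, message):
    """Row as the text describes it: every value is HTML-encoded (so XSS is
    out), but `type` is still spliced into the src attribute of the <img>."""
    src = ICON_TEMPLATE.format(type=type_)
    return (
        "<tr>"
        f'<td><img src="{html.escape(src, quote=True)}"></td>'
        f"<td>{html.escape(name)}</td>"
        f"<td>{html.escape(message)}</td>"
        "</tr>"
    )


def is_allowed_type(type_):
    """The fix: `type` selects one of a fixed set of icons; anything else is
    rejected before it gets anywhere near a URL."""
    return type_ in ALLOWED_TYPES


def render_message_fixed(type_, name, message):
    if not is_allowed_type(type_):
        raise ValueError(f"rejected message type {type_!r}")
    return render_message_vulnerable(type_, name, message)


class _ImgSrcCollector(HTMLParser):
    """Stand-in for the browser's HTML parser: character references inside
    attribute values (e.g. &amp;) are decoded before handle_starttag sees them,
    exactly as a browser does before it fetches the image."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            for attr_name, value in attrs:
                if attr_name == "src" and value is not None:
                    self.srcs.append(value)


def requests_triggered(page_html, page_url=PAGE_URL):
    """Path and query the browser would actually send for each <img> on the
    page: src resolved against the page URL (../ collapsed), fragment dropped."""
    parser = _ImgSrcCollector()
    parser.feed(page_html)
    targets = []
    for src in parser.srcs:
        parts = urlsplit(urljoin(page_url, src))
        targets.append(urlunsplit(("", "", parts.path, parts.query, "")))
    return targets


if __name__ == "__main__":
    benign = render_message_vulnerable("question", "daf", "foo")
    print(benign, "->", requests_triggered(benign))
    hostile = render_message_vulnerable(PAYLOAD, "daf", "foo")
    print(hostile, "->", requests_triggered(hostile))
    try:
        render_message_fixed(PAYLOAD, "daf", "foo")
    except ValueError as exc:
        print("fixed renderer:", exc)
```

Run it and the hostile row comes out with every & encoded as &amp;, yet requests_triggered reports that a viewer's browser will fetch /admin/newUser.php?username=daf2&password=0wned&role=admin with the viewer's own session cookie attached; the #.gif tail is a fragment and never leaves the browser. The fixed renderer refuses the payload outright, which is the right shape of defence for any parameter that ends up inside a URL: validate it against what it is supposed to be, rather than encode it for the HTML context it happens to land in.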

When an ordinary user is induced to issue your crafted request, it will of course fail. But when an administrator views your message, your backdoor account gets created. You have performed a successful OSRF attack even

