The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

the application’s behavior leaves it vulnerable to OSRF

Download 5,76 Mb.

Pdf ko'rish

bet	756/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 752 753 754 755 756 757 758 759 ... 875

Bog'liq
3794 1008 4334

the application’s behavior leaves it vulnerable to OSRF.

■

The vulnerability typically arises where user-supplied data is inserted

into the target of a hyperlink or other URL within the returned page.

Unless the application specifically blocks any characters you require (typ-

ically dots, slashes, and the delimiters used in the query string), it is

almost certainly vulnerable.

■

If you discover an OSRF vulnerability, look for a suitable request to target

in your exploit, as described in the next section for XSRF.

OSRF vulnerabilities can be prevented by validating user input as strictly as

possible before it is incorporated into responses. For example, in the specific

case described, the application could verify that the

type

parameter has one of

a specific range of values. If the application must accept other values that it

cannot anticipate in advance, then input containing any of the characters

/ .

\ ? &

and

should be blocked.

Note that HTML-encoding these characters is not an effective defense

against OSRF attacks, because browsers will decode the target URL string

before it is requested.

Depending on the insertion point and the surrounding context, it may also

be possible to prevent OSRF attacks using the same defenses described in the

next section for XSRF attacks.

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 752 753 754 755 756 757 758 759 ... 875