The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Download 5,76 Mb.

Pdf ko'rish

bet	394/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 390 391 392 393 394 395 396 397 ... 875

Bog'liq
3794 1008 4334

220

Chapter 8

■

Attacking Access Controls

70779c08v6.5.qxd 9/14/07 3:18 PM Page 220

T I P

This type of vulnerability often arises when the main application is

interfacing to an external system or back-end component. It can be difficult to

share a session-based security model between different systems that may be

based on diverse technologies. Faced with this problem, developers frequently

take a shortcut and move away from that model, using client-submitted

parameters to make access control decisions.

In this example, an attacker seeking to gain unauthorized access needs to

know not only the name of the application page (

ViewDocument.php

) but also

the identifier of the document he wishes to view. Sometimes, resource identi-

fiers are generated in a highly unpredictable manner — for example, they may

be randomly chosen GUIDs. In other cases, they may be easily guessed — for

example, they may be sequentially generated numbers. However, the applica-

tion is vulnerable in both cases. As described previously, URLs do not have the

status of secrets, and the same applies to resource identifiers. Often, an

attacker wishing to discover the identifiers of other users’ resources will find

some location within the application that discloses these, such as access logs.

Even where an application’s resource identifiers cannot be easily guessed, it is

still vulnerable if it fails to properly control access to those resources. In cases

where the identifiers are easily predicted, the problem is even more serious

and more easily exploited.

T I P

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 390 391 392 393 394 395 396 397 ... 875