The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws




Attack Other Network Hosts

Following a successful port scan to identify other hosts, a malicious script can attempt to fingerprint each discovered service and then attack it in various ways. Many web servers contain image files located at unique URLs. The following code checks for a specific image associated with a popular range of DSL routers:

If the function notNetgear is not invoked, then the server has been successfully fingerprinted. The script can then proceed to attack the web server, either by exploiting any known vulnerabilities in the particular software, or by performing a request forgery attack (described later in this chapter). In this example, the attacker could attempt to reconfigure the router to open up additional ports on its external interface, or expose its administrative function to the world. Note that many highly effective attacks of this kind only require the ability to issue arbitrary requests, not to process their responses, and so are not affected by the browser’s same origin policy.

In certain situations, an attacker may be able to leverage anti-DNS pinning techniques to violate the same origin policy and actually retrieve content from web servers on the local network. These attacks are described later in this chapter.

Going beyond attacks against web servers, Wade Alcorn has performed some interesting research demonstrating the possibilities for attacking other network services via a hijacked browser. See the following paper for more details: www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf

