The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 12  ■ Attacking Other Users








example, by placing relevant keywords within the site content and linking to the site using relevant expressions. This delivery mechanism has nothing to do with phishing, however — the attacker’s site does not attempt to impersonate the site that it is targeting.

Note that this delivery mechanism can enable an attacker to exploit reflected and DOM-based XSS vulnerabilities that can be triggered only via POST requests. With these vulnerabilities, there is obviously not a simple URL that can be fed to a victim user to deliver an attack. However, a malicious web site may contain an HTML form that uses the POST method and has the vulnerable application as its target URL. JavaScript or navigational controls on the page can be used to submit the form, successfully exploiting the vulnerability.

■ In a variation on the third-party web site attack, some attackers have been known to pay for banner advertisements that link to a URL containing an XSS payload for a vulnerable application. If a user is logged in to the vulnerable application, and clicks on the ad, then her session with that application is compromised. Because many providers use keywords to assign advertisements to pages that are related to them, cases have even arisen where an ad attacking a particular application is assigned to the pages of that application itself! This not only lends credibility to the attack but also guarantees that someone who clicks on the ad is using the vulnerable application at the moment the attack strikes. Further, because many banner ad providers charge on a per-click basis, this technique effectively enables an attacker to “buy” a specific number of user sessions.

■ Many web applications implement a function to “tell a friend” or send feedback to site administrators. This function often enables a user to generate an email with arbitrary content and recipients. An attacker may be able to leverage this functionality to deliver an XSS attack via an email that actually originates from the organization’s own server, increasing the likelihood that even technically knowledgeable users and anti-malware software will accept it.
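The POST-only delivery mechanism described above relies on a third-party page submitting a form into the application. The following is an added example, not code from the book, of a minimal request handler that closes both halves of that path: it refuses POSTs whose fetch-metadata or Origin headers show they came from another site, and it HTML-encodes the reflected parameter so a payload that does arrive cannot execute. APP_ORIGIN, the handler names and the sample requests are constructed assumptions.

```python
import html
from urllib.parse import parse_qs

# Hypothetical origin of the application being defended (constructed value).
APP_ORIGIN = "https://app.example"

# Sec-Fetch-Site values a browser sends for a form submitted from our own site.
ALLOWED_FETCH_SITES = {"same-origin", "same-site"}


def is_cross_site_post(method: str, headers: dict) -> bool:
    """Return True if a POST appears to have been submitted from another site.

    Prefers the Sec-Fetch-Site fetch-metadata header; falls back to comparing
    the Origin header with APP_ORIGIN. A POST carrying neither header is
    treated as cross-site (fail closed); that is a policy choice for this
    example, not something the book prescribes.
    """
    if method.upper() != "POST":
        return False
    h = {k.lower(): v for k, v in headers.items()}
    fetch_site = h.get("sec-fetch-site")
    if fetch_site is not None:
        return fetch_site not in ALLOWED_FETCH_SITES
    origin = h.get("origin")
    return origin is None or origin != APP_ORIGIN


def handle_search(method: str, headers: dict, body: str):
    """Reflect the 'q' form field back to the user in a text context.

    Returns (status, html_body). The reflected value is output-encoded, so
    even a same-site request carrying markup is rendered as inert text.
    """
    if is_cross_site_post(method, headers):
        return 403, "<p>Form submission from another site was rejected.</p>"
    q = parse_qs(body).get("q", [""])[0]
    # html.escape with quote=True encodes < > & " ' before reflection.
    return 200, "<p>You searched for: %s</p>" % html.escape(q, quote=True)


if __name__ == "__main__":
    # Constructed sample requests: one from a third-party page, one same-origin.
    foreign = {"Sec-Fetch-Site": "cross-site", "Origin": "https://third-party.example"}
    local = {"Sec-Fetch-Site": "same-origin", "Origin": APP_ORIGIN}
    body = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print(handle_search("POST", foreign, body))
    print(handle_search("POST", local, body))
```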
