The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

In any instance where users enter sensitive data into text input fields, the

autocomplete=off

attribute should be specified within the form or field tag.

Advanced Exploitation Techniques

This section does not describe any new categories of vulnerability that arise

within web applications. Rather, it describes some advanced techniques that may

be employed in the course of exploiting the vulnerabilities already examined.

Leveraging Ajax

We described earlier how Ajax techniques can be used to implement sophisti-

cated user interfaces that behave more like local desktop software than older

web applications ever could.

The ability of Ajax to carry out actions behind the scenes in a flexible and

powerful way makes it extremely attractive to someone seeking to attack other

users of an application. If an attacker has the ability to execute arbitrary

JavaScript within the browser of a victim user (for example, via an XSS vul-

nerability), then he can use Ajax techniques to perform arbitrarily complex

actions involving multiple requests to the vulnerable application.

You have already seen 

XMLHttpRequest

being used to generate a 

TRACE

request to a web application that employed 

HttpOnly

cookies. The following

example shows a more sophisticated attack in which two requests are made to

perform an action on behalf of a victim user. Suppose that a web application

allows authenticated users to view and update their account details, including

their current password, which is masked on-screen. If the application contains

an XSS flaw anywhere within its functionality, then an attacker can inject the

following script to reset the user’s password:

Download 5,76 Mb.

Do'stlaringiz bilan baham: