Miscellaneous WWW Programming Vulnerabilities/Attacks
Other than XSS and XSRF


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Session Fixation
  • The Nature of the Vulnerability:
    • A session ID supplied by the client (e.g., carried in a URL) is accepted by the server as-is
  • The Nature of the Attack:
    • The attacker sends a URL (including the ID) to the user who clicks on it and authenticates her/himself (validating the ID)
    • The attacker uses the ID until the user logs out (invalidating the ID)
  • Mitigation:
    • Don't create session IDs on the client
    • Don't re-use session IDs
Clickjacking/User Interface Redress
  • The Nature of the Vulnerability:
    • A trusted HTML document that can be displayed in a frame under a malicious document
  • The Nature of the Attack:
    • A malicious document displays the trusted document in a frame under itself, tricking the user into clicking on malicious links rather than trusted links
  • Mitigation:
    • Use the X-Frame-Options HTTP header to control the display of a document in a frame
    • Use a client-side script that breaks the document out of a frame
  • Notes:
    • This same kind of attack can be accomplished without frames using CSS and is difficult to mitigate
    • This attack is closely related to site impersonation/forgery
Magic URLs
  • The Nature of the Vulnerability:
    • URLs that contain secret/private information
  • The Nature of the Attack:
    • The attacker gains access to the URL (e.g., through the user-agent's history)
  • Mitigation:
    • Do not include secret/private information in URLs
    • Use strong encryption
Predictable Cookies
  • The Nature of the Vulnerability:
    • Cookies are generated in a systematic way
  • The Nature of the Attack:
    • The attacker makes multiple requests to obtain multiple cookies, identifies the pattern, and creates a fraudulent cookie
  • Mitigation:
    • Use strong encryption
There's Always More to Learn