Wednesday, April 30, 2014

Denial of Service (DoS) Attack

What is a DoS attack?
A Denial of Service (DoS) attack is focused on making a service unavailable for its intended use. There are numerous ways to accomplish this attack. The two that Gruyere covers are quitting the server and overloading the server.

Exploit:
Protecting a web application against DoS attacks is outside the scope of Gruyere's tutorials, and attacking Gruyere in this fashion is considered malicious use of App Engine. Because there are so many ways to perform a DoS attack, Gruyere only provides brief, Gruyere-specific exploit information.

Quit the server:
(This is a form of white-box hacking, where we have access to the system's source code.) This exploit takes advantage of a bug where a user does not need admin rights in order to request "quit server". The bug is found by reading the server-management source code, and it is triggered simply by requesting the following URL:
http://google-gruyere.appspot.com/123/quitserver

Overloading the server:
This exploit takes advantage of a bug in Gruyere that allows users to inject their own files into Gruyere's source code. The purpose of this attack is to make server resources unavailable to ordinary requests, either by sending more requests than the server can handle or by using up all of the server's resources (memory, CPU, storage).

Fix:
There is a large variety of DoS attacks specific to each web application, so Gruyere doesn't detail any fixes. For more information, visit:

https://www.owasp.org/index.php/Denial_of_Service

http://google-gruyere.appspot.com/part4#4__denial_of_service
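Gruyere gives no fix, so the following is an added example written for this post, not Gruyere's own code: a minimal request dispatcher that closes both holes described above. Privileged routes such as /quitserver carry an explicit admin-only flag that the dispatcher checks before any handler runs, and a per-client token bucket refuses excess requests before they consume handler resources. Requests are plain dicts, and the route table, addresses and limits are constructed for the example.

```python
# Added example, not Gruyere's own code: a minimal dispatcher that closes the
# two holes described above. Requests are plain dicts (path, client address,
# whether the caller is an admin); the route table and limits are constructed
# for this example, not taken from Gruyere.
import time


class RateLimiter:
    """Token bucket per client address: `burst` requests at once, then `rate`
    requests per second on average. Excess requests are refused cheaply instead
    of consuming handler CPU, memory or storage."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = rate
        self.burst = burst
        self.clock = clock          # injectable so tests can control time
        self.buckets = {}           # addr -> (tokens, last_refill_time)

    def allow(self, addr):
        now = self.clock()
        tokens, last = self.buckets.get(addr, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[addr] = (tokens, now)
            return False
        self.buckets[addr] = (tokens - 1, now)
        return True


class Server:
    def __init__(self, limiter):
        self.running = True
        self.limiter = limiter
        # path -> (handler, admin_only). A missing admin check is the
        # quit-server bug; here the flag is set explicitly for every route.
        self.routes = {
            "/": (self.home, False),
            "/quitserver": (self.quit_server, True),
        }

    def home(self, request):
        return 200, "welcome"

    def quit_server(self, request):
        self.running = False
        return 200, "server stopped"

    def handle(self, request):
        # Rate limit first, before any work is done on behalf of the caller.
        if not self.limiter.allow(request["addr"]):
            return 429, "too many requests"
        route = self.routes.get(request["path"])
        if route is None:
            return 404, "not found"
        handler, admin_only = route
        # Authorisation lives in the dispatcher, so no handler can forget it.
        if admin_only and not request.get("is_admin", False):
            return 403, "admin only"
        return handler(request)


if __name__ == "__main__":
    srv = Server(RateLimiter(rate=1.0, burst=3))
    print(srv.handle({"path": "/quitserver", "addr": "198.51.100.7"}))
    print(srv.handle({"path": "/quitserver", "addr": "198.51.100.7", "is_admin": True}))
```

The limiter runs before routing so that an unauthenticated flood never reaches a handler, and the admin check is done centrally from the route table rather than inside each handler, which is exactly the kind of per-handler check the quit-server bug forgot.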

Tuesday, April 29, 2014

Path Traversal

What is Path Traversal?
Path Traversal is using knowledge of file paths and directories to gain access to information a user should not be able to access. In both Windows and Linux file systems, '..' represents the parent directory. Using ../../secretFile.txt, a user can reach secretFile.txt without knowing the exact directory it lives in.

Exploit:
An attacker simply needs to know the name of the file stored on the server to gain access to it. According to Gruyere, most developers don't even change the default file structure of their web application.

If an attacker knows the structure of your file system, they can craft a URL that traverses out of the installation directory to /etc. For example, if Picasa were vulnerable to path traversal and the Picasa servers ran a Unix-like system, the following would retrieve the password file:
http://www.picasa.com/../../../../../../../etc/passwd

Fix:
Most web browsers, like Chrome and Firefox, normalize away '..' in URLs before sending the request, but this can be circumvented by using a different browser or a web proxy.

Gruyere suggests serving only specific resource files. This can be accomplished by hardcoding a list of accessible files when the application starts; only requests for those files will be accepted.
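Here is the allowlist approach in working form, as an added example written for this post rather than Gruyere's own code. It shows the naive join that a traversal request escapes beside a server that accepts only names fixed at startup, and a canonical-path check that also catches a bad allowlist entry. The directory layout and file names are constructed for the example.

```python
# Added example, not Gruyere's own code: the allowlist approach the text
# describes, beside the naive join it replaces. The directory layout and
# file names are constructed for this example.
import os
import tempfile


def make_fixture():
    """Creates a constructed layout: <root>/resources/logo.png (public) and
    <root>/secret.txt (outside the resource directory). Returns the resource dir."""
    root = tempfile.mkdtemp()
    resources = os.path.join(root, "resources")
    os.mkdir(resources)
    with open(os.path.join(resources, "logo.png"), "wb") as f:
        f.write(b"PNG-bytes")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("root:x:0:0")
    return resources


def resolve_naive(base_dir, requested):
    """Vulnerable: joins whatever the client sent onto the resource directory,
    so '../secret.txt' escapes it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def is_inside(base_dir, path):
    """True when the canonical form of `path` lies under the canonical base_dir.
    realpath() resolves '..' and symlinks before the comparison is made."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base


class ResourceServer:
    """Serves only the files named in an allowlist fixed at startup."""

    def __init__(self, base_dir, allowed_files):
        self.base_dir = os.path.realpath(base_dir)
        self.allowed = {}
        for name in allowed_files:
            path = os.path.join(self.base_dir, name)
            # A mistaken allowlist entry must not point outside base_dir either.
            if not is_inside(self.base_dir, path):
                raise ValueError("allowlist entry escapes resource dir: %r" % name)
            self.allowed[name] = os.path.realpath(path)

    def resolve(self, requested):
        """Exact-match lookup: anything not in the list (including any name
        containing '..') is refused. Returns the canonical path or None."""
        return self.allowed.get(requested)

    def serve(self, requested):
        path = self.resolve(requested)
        if path is None:
            return 404, b""
        with open(path, "rb") as f:
            return 200, f.read()


if __name__ == "__main__":
    base = make_fixture()
    print("naive  :", resolve_naive(base, "../secret.txt"))
    srv = ResourceServer(base, ["logo.png"])
    print("allowed:", srv.serve("logo.png"))
    print("refused:", srv.serve("../secret.txt"))
```

The exact-match lookup means the request string is never used to build a path at all, so there is nothing for '..' (or an encoded form of it) to traverse; is_inside is the fallback for applications that cannot enumerate their files up front.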


Tuesday, April 15, 2014

Cross-Site Script Inclusion (XSSI)

What is Cross-Site Script Inclusion (XSSI)?
Web browsers prevent a web page from one domain from reading information from a page on another domain, but they do allow images to be loaded from another domain and scripts to be run from another domain. This can be exploited to read user data from one domain while that user is visiting another domain.

Exploit:
Say www.amazon.com has a script that reads your private account information from its servers. That script can be added to www.hackersite.com. When you visit www.hackersite.com, it will pull your private account information from Amazon's server and can store it on HackerSite's server.

Example:

Step 1: You can run a script from another website by including
<script src="www.domain.com"></script> 
in your web application.

Step 2: So I can use the example script
<script src="http://amazon.com/accountstuff/info.gtl"></script> 
and add that to my website (www.hackersite.com) to access your Amazon account information when you access my site (www.hackersite.com).

Fix:
OWASP details fixes on their website:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

http://google-gruyere.appspot.com/part3#3__cross_site_script_inclusion
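To make the exploit and a fix concrete, here is an added example written for this post; it is not Gruyere's or Amazon's code. The vulnerable endpoint hands private data back as an executable JavaScript statement, which is what lets a <script src=...> on another site read it. The hardened endpoint requires a custom request header, which a script tag cannot set, and prefixes the JSON body so that it is a syntax error if ever included as a script. The header name, prefix and account record are constructed for the example.

```python
# Added example, not Gruyere's or Amazon's code: an "account info" endpoint
# written the way the text describes (executable script) and a hardened form.
# Requests are plain dicts, responses are (status, content_type, body) tuples;
# the header name, prefix and account data are constructed for this example.
import json

ACCOUNT = {"user": "alice", "balance": 42}   # constructed sample record
XSSI_PREFIX = ")]}',\n"                      # not parseable as JavaScript


def info_vulnerable(request):
    """Returns the private data as a JavaScript statement. Any page that
    includes this URL in <script src=...> runs it in the victim's session
    (cookies are sent) and can read the global `account` it defines."""
    body = "var account = " + json.dumps(ACCOUNT) + ";"
    return 200, "application/javascript", body


def info_hardened(request):
    """Two independent checks: (1) require a custom header, which a <script>
    tag cannot set and a cross-origin fetch cannot send without CORS approval;
    (2) prefix the body so that even if it were pulled in as a script it
    would be a syntax error rather than data-bearing code."""
    headers = request.get("headers", {})
    if headers.get("X-Requested-With") != "XMLHttpRequest":
        return 403, "text/plain", "forbidden"
    return 200, "application/json", XSSI_PREFIX + json.dumps(ACCOUNT)


def parse_first_party(body):
    """What the site's own client code does with the hardened response:
    strip the prefix, then parse as JSON."""
    if not body.startswith(XSSI_PREFIX):
        raise ValueError("expected XSSI prefix")
    return json.loads(body[len(XSSI_PREFIX):])


if __name__ == "__main__":
    print(info_vulnerable({})[2])
    print(info_hardened({"headers": {}}))
    resp = info_hardened({"headers": {"X-Requested-With": "XMLHttpRequest"}})
    print(parse_first_party(resp[2]))
```

The underlying rule is that private data should never be served in a form the browser will execute: plain JSON behind a header or token that only the site's own code can supply, rather than a script that assigns the data to a global.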