Middleware Vulnerabilities. Damian Tamayo Kansas State University MSE 2nd Semester. Overview. Common Attacks Examples Possible Solutions. Common Attacks. Overflows String Format/Validation Race Conditions - permissions Cross Site Scripting. Attacks Defined.
Middleware Vulnerabilities Damian Tamayo Kansas State University MSE 2nd Semester
Overview
• Common Attacks
• Examples
• Possible Solutions
Common Attacks
• Overflows
• String Format/Validation
• Race Conditions - permissions
• Cross Site Scripting
Attacks Defined
• Buffer Overflow – overwriting allocated buffer
• String Format/Validation – send commands through user input
• Race Conditions – interrupt handling
• Cross Site Scripting – script injection on client side applications
Possible Solutions
• Check for buffer/string lengths
• Use operations that are safe
  • C/C++
    • strncpy
    • strncat
  • Java/EJB’s
    • Technically “No”
    • Theoretically possible
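The two C/C++ bullets above, combined in an added example that is not part of the original slides: a length check done before the copy, plus the termination and size-argument details that `strncpy` and `strncat` leave to the caller. The helper names `bounded_copy` and `bounded_append` and the 8-byte buffer are assumptions made for illustration, and `src` is assumed to be NUL-terminated.

```c
#include <stdio.h>
#include <string.h>

/* Pitfall: a bare strncpy() does not add a terminator when src fills dst.
 * Returns 1 if the 8-byte buffer ended up NUL-terminated, 0 if not. */
int bare_strncpy_terminates(const char *src)
{
    char buf[8];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Hypothetical helper: copy src (assumed NUL-terminated) into dst of
 * dst_size bytes. Returns 0 on success, -1 if it does not fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (strlen(src) >= dst_size) {   /* length check: reject, do not truncate */
        dst[0] = '\0';
        return -1;
    }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';        /* always terminate explicitly */
    return 0;
}

/* Hypothetical helper: append src to the string already in dst.
 * Returns 0 on success, -1 if dst is unterminated or src does not fit. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                 /* dst is not terminated: leave it alone */
        return -1;
    size_t room = dst_size - (size_t)(end - dst) - 1;  /* space left, not buffer size */
    if (strlen(src) > room)
        return -1;
    strncat(dst, src, room);
    return 0;
}

int main(void)
{
    char name[8];   /* constructed sample: 8-character input into 8-byte buffer */
    printf("%d %d\n", bare_strncpy_terminates("ABCDEFGH"), bounded_copy(name, sizeof name, "ABCDEFGH"));
    return 0;
}
```

Rejecting oversized input, rather than truncating it, keeps a shortened string from being treated downstream as if it were the full value.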
String Format/User Validation
• External Commands to the system
• URL
• Form Control Commands
• “:”
• “god” like query ability
Possible Solutions
• Perform checks on user input
• Don’t use shortcuts to format strings
• Filters
Race Condition
• Interrupts are not handled correctly
  • System raises privilege level to perform operation
  • System handles interrupt
  • Attacker sends command at higher privilege than user
Possible Solutions
• Handle interrupts appropriately
  • System raises privileges
  • Attacker sends interrupt
  • System catches interrupt
  • System finishes operation and lowers privileges
  • System handles Attacker’s interrupt
Cross Site Scripting
<br><br>Please login with the form below before proceeding:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form>
http://testasp.acunetix.com/Search.asp
Cross Site Scripting • http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
Possible Solutions
• Form Controls
• User input Control
• Filters