Handling Client-Side Data Securely

Transmitting Data via the Client
Many applications leave themselves exposed because they transmit critical data such as product prices and discount rates via the client in an unsafe manner. If possible, applications should avoid transmitting this kind of data via the client altogether. In virtually any conceivable scenario, it is possible to hold such data …

ActiveX Controls

ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted and installed by the user, execute with the full privileges of that user and can carry out arbitrary actions, including interacting with the operating system. ActiveX can be used to implement practically any client-side control, …

Capturing User Data: Thick-Client Components

Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component. The technologies you are most likely to encounter here are Java applets, ActiveX controls, and Shockwave Flash objects. Thick-client components can capture data in various different ways, both via input forms and in some cases …

Capturing User Data: HTML Forms

The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that was not originally specified by the server but was gathered on the client computer itself. HTML forms are the simplest and most common mechanism for capturing input from the user and submitting it to the …

Bypassing Client-Side Controls

Transmitting Data via the Client
It is very common to see an application passing data to the client in a form that is not directly visible or modifiable by the end user, in the expectation that this data will be sent back to the server in a subsequent request. Often, the application’s developers simply assume that …

Identifying Server-Side Functionality

It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated guess, by observing clues that the application discloses to the client.

Dissecting Requests
Consider the following URL, which is used to access a search function:

https://wahh-app.com/calendar.jsp?name=new%20applicants&isExpired=0&startDate=22%2F09%2F2006&endDate=22%2F03%2F2007&OrderBy=name

As we have seen, the .jsp file extension …

Identifying Server-Side Technologies

It is normally possible to fingerprint the technologies employed on the server via various clues and indicators.

Banner Grabbing
Many web servers disclose fine-grained version information, both about the web server software itself and about other components that have been installed. For example, the HTTP Server header discloses a huge amount of detail about some …

Analyzing the Application

Enumerating as much of the application’s content as possible is only one element of the mapping process. Equally important is the task of analyzing the application’s functionality, behavior, and technologies employed, in order to identify the key attack surfaces that it exposes, and begin formulating an approach to probing the application for exploitable vulnerabilities. Some …

Application Pages vs. Functional Paths

The enumeration techniques described so far have been implicitly driven by one particular picture of how web application content may be conceptualized and catalogued. This picture is inherited from the pre-application days of the World Wide Web, in which web servers functioned as repositories of static information, retrieved using URLs that were effectively filenames. …

Discovering Hidden Content

It is very common for applications to contain content and functionality which is not directly linked or reachable from the main visible content. A common example of this is functionality that has been implemented for testing or debugging purposes and has never been removed. Another example arises where the application presents different functionality to different …