Securing Web Server Software

To some extent, an organization deploying a third-party web server product is inevitably placing its fate in the hands of the software vendor. Nevertheless, there is still a large amount that a security-conscious organization can do to protect itself against the kind of software vulnerabilities. Choose Software with a Good Track Record Not all software … Read more

Finding Web Server Flaws

If you are lucky, the web server you are targeting may contain some of the actual vulnerabilities described in this chapter. More likely, however, it will have been patched to a more recent level, and you will need to search for something fairly current or brand new with which to attack the server. A good … Read more

Encoding and Canonicalization Vulnerabilities

Encoding flaws have arisen in many kinds of web server software and present an inherent threat in situations where the same user-supplied data is processed by several layers using different technologies. A typical web request might be handled by the web server, the application platform, various managed and unmanaged APIs, other software components, and the … Read more

Path Traversal Vulnerabilities

Accipiter DirectServer This path traversal flaw could be exploited by placing URL-encoded dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/9389. Alibaba This path traversal flaw could be exploited by placing simple dot-dot-slash sequences into a request. For more information about this flaw, see www.securityfocus.com/bid/270. Cisco ACS Acme.server This … Read more

Injecting into Web Scripting Languages

The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition to the possibilities for injecting into languages used by other back-end components, a key area of vulnerability concerns injection into the core application code itself. Exposure to this type of attack arises from two main … Read more

Bypassing Filters

In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from exploiting the flaw without restrictions. For example, the application may remove or sanitize certain characters, or may block common SQL keywords. Filters of this kind are often vulnerable to bypasses, and there are numerous tricks … Read more

Attacking Access Controls

Common Vulnerabilities Access controls can be divided into two broad categories: vertical and horizontal. Vertical access controls allow different types of users to access different parts of the application’s functionality. In the simplest case, this typically involves a division between ordinary users and administrators. In more complex cases, vertical access controls may involve fine-grained user … Read more