Bonus slides Confused Deputy Problem Original example Normal - PowerPoint PPT Presentation

SLIDE 1

Bonus slides – Confused Deputy Problem

SLIDE 2

Original example

[Diagram labels: Client, Server, Important server file, Normal output file]

Request:

  • 1. Do action
  • 2. Write results to “Important server file”

Response: OK

SLIDE 3

Original example (2)

  • Possible if the server executes the command using its own credentials, similarly to a traditional buffer overflow
  • Used as a prime argument for having capabilities
  • First appeared in 1988
  • Many other attacks can be seen as confused deputy attacks
    – One example is circumventing a firewall by running traffic through a browser

SLIDE 4

Cross-site Request Forgery

  • CDP using a Web browser

[Diagram labels: Client, Web site; URL disguised as <image>, e.g.: http://mail.com/changepw?newpw=hack; Login, Resolve, Change PW]

SLIDE 5

CSRF

  • Cookies and active sessions to other sites can be exploited to execute commands on the client by remote code
  • Somewhat situational
    – Requires active session or cookie between the user and the target site
    – Requires a suitable target command at the target site
    – The Referer header can be checked to avoid this exploit (but this is not always done)
    – Hidden fields with tokens can be used to avoid this
  • JavaScript can be used to read information from other open tags
  • Script languages can be used to send POST

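Added example (not part of the original slides): a server-side check combining the two defences listed on this slide, the Referer header and a hidden-field token, applied to the changepw request from the previous slide. The function names, SERVER_KEY, the session id and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret
SITE_HOST = "mail.com"                # host taken from the slide's example URL


def issue_token(session_id: str) -> str:
    """Value for the hidden form field, bound to the user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_ok(headers: dict) -> bool:
    """Accept only a Referer whose host is exactly our own site."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def allow_change_password(method: str, headers: dict,
                          session_id: str, form: dict) -> bool:
    """Decide whether a changepw request may change state."""
    if method != "POST":         # an <img> URL can only trigger a GET
        return False
    if not referer_ok(headers):  # missing or foreign Referer is refused
        return False
    # Scripts can send POST, so the session cookie alone proves nothing:
    # the request must also carry the token only our own pages contain.
    sent = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(sent, issue_token(session_id).encode())


# Constructed sample requests (not from the slides)
SESSION = "constructed-session-id-1234"
GOOD = ("POST", {"Referer": "https://mail.com/settings"}, SESSION,
        {"newpw": "x", "csrf_token": issue_token(SESSION)})
FORGED_IMG = ("GET", {"Referer": "https://other.example/page"}, SESSION,
              {"newpw": "hack"})
FORGED_POST = ("POST", {"Referer": "https://other.example/page"}, SESSION,
               {"newpw": "hack"})
NO_TOKEN = ("POST", {"Referer": "https://mail.com/settings"}, SESSION,
            {"newpw": "hack"})

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("forged img", FORGED_IMG),
                      ("forged post", FORGED_POST), ("no token", NO_TOKEN)]:
        print(name, allow_change_password(*req))
```
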
SLIDE 6

Login CSRF

  • Cause the victim to log in at a remote site using the attacker's credentials
  • Technically easier than normal CSRF
  • Opportunities for novel attacks

SLIDE 7

Cross-site Scripting

  • 80% of all documented vulnerabilities as of 2007 (according to Wikipedia)
  • XSS has evolved into meaning injecting e.g. HTML and JavaScript into Web pages
  • Usually used to steal session cookies
  • Live example…

SLIDE 8

XSS

  • Three types:
    – Non-persistent: What we just did.
    – Persistent: Online message boards etc.
      • Executed more than once
    – DOM-based: Targeting already existing scripting elements that parse parameters and generate content
      • Similar to Non-persistent, but can also be used to bypass e.g. client sandboxes
      • One known weakness was local Firefox error pages