Types
A.
Change the DNS entry for the server in the user's ADSL device for a particular domain,
so that the request goes to a different domain altogether.
B.
E.g. a URL in one of the forums which Bob uses:
<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory">
If Bob's cookies haven't expired, this will benefit Mallory.
Prevention :
1. Add an authentication token to GET/POST requests
2. Check the referrer
3. Secret token
4. crossdomain.xml
2. Replay attack :
Eavesdrop on a client-server communication and re-play it.
Prevention :
The server should send the client a one-time-use token.
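The two preventions above (a secret per-session token plus a referrer check for the forged-request case, and a one-time token for the replay case) share the same server-side machinery, so here is one added example covering both. This is illustrative code written for these notes, not from any framework; the host name is taken from the bank URL above, and the in-memory SessionStore, form field names and reason strings are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Host allowed to originate state-changing requests (the bank from the example URL).
ALLOWED_HOST = "bank.example.com"


class SessionStore:
    """In-memory sessions, each holding one CSRF token and a set of unused one-time nonces."""

    def __init__(self):
        self._sessions = {}  # session id -> {"csrf": str, "nonces": set[str]}

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"csrf": secrets.token_urlsafe(32), "nonces": set()}
        return sid

    def csrf_token(self, sid):
        # Embedded in the bank's own forms as a hidden field; a forum page cannot read it.
        return self._sessions[sid]["csrf"]

    def issue_nonce(self, sid):
        # Issued per form render; valid for exactly one submission.
        nonce = secrets.token_urlsafe(16)
        self._sessions[sid]["nonces"].add(nonce)
        return nonce

    def get(self, sid):
        return self._sessions.get(sid)


def same_origin(referer, expected_host):
    """True only when the Referer header names the expected host; a missing header fails closed."""
    if not referer:
        return False
    return urlsplit(referer).hostname == expected_host


def authorize_state_change(store, sid, method, referer, form):
    """Run the checks in order and return (allowed, reason)."""
    if method != "POST":
        return False, "state changes must use POST"  # an <img> tag can only send a GET
    if not same_origin(referer, ALLOWED_HOST):
        return False, "referer is not " + ALLOWED_HOST
    sess = store.get(sid)
    if sess is None:
        return False, "unknown session"
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return False, "csrf token mismatch"
    nonce = form.get("nonce", "")
    if nonce not in sess["nonces"]:
        return False, "unknown or already used nonce"
    sess["nonces"].discard(nonce)  # consume it: replaying this exact request now fails
    return True, "ok"


def demo():
    """Legitimate submission, its replay, and a cross-site GET like the forum image tag."""
    store = SessionStore()
    sid = store.new_session()
    form = {"account": "bob", "amount": "10", "to": "alice",
            "csrf_token": store.csrf_token(sid), "nonce": store.issue_nonce(sid)}
    ref = "https://bank.example.com/transfer"
    first = authorize_state_change(store, sid, "POST", ref, form)
    replay = authorize_state_change(store, sid, "POST", ref, form)
    forged = authorize_state_change(store, sid, "GET",
                                    "https://forum.example.org/thread", {"account": "bob"})
    return first, replay, forged
```

The checks are ordered cheapest first; the nonce is removed only after the token matched, so an attacker cannot burn a victim's nonces with bad requests. Treating an absent Referer as a failure is a deliberate choice for state-changing requests, since browsers and proxies sometimes strip it.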
Other Issues :
3. Cross-site cooking / cross-subdomain cooking (allowing a web site to set cookies for other domains/subdomains)
Then, if the affected person logs on, the evil person can use that cookie.
General solutions :
Generate a new SID before something crucial.
Destroy the session on a malicious referrer.
Check browser etc. information.
Time out old SIDs.
4. A billion laughs :
<!DOCTYPE root [
<!ENTITY ha "Ha! ">
<!ENTITY ha2 "&ha;&ha;">
<!ENTITY ha3 "&ha2;&ha2;">
<!ENTITY ha4 "&ha3;&ha3;">
<!ENTITY ha5 "&ha4;&ha4;">
...
<!ENTITY ha128 "&ha127;&ha127;">
]>
<root>&ha128;</root>
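The entity chain above doubles at every level, so the parser does the damage while expanding &ha128;. The defence is to size the declarations before any expansion happens. Added example, not from these notes: it uses Python's standard expat binding, records each entity declared in the internal DTD, computes the expanded length of every entity with memoisation (linear work, nothing is actually expanded) at the closing "]>", and rejects the document if any entity exceeds a limit; external entities are rejected outright. The limit value and the helper names are assumptions, and make_laughs builds a shortened copy of the page's document as constructed test input.

```python
import re
import xml.parsers.expat

# Policy limit (assumed value, tune per application): largest permitted expansion of any
# single declared entity, in characters, computed without expanding it.
MAX_ENTITY_EXPANSION = 10_000

_REF = re.compile(r"&([^&;\s]+);")  # a general entity reference inside replacement text


class EntityExpansionError(ValueError):
    pass


def expansion_size(name, entities, memo, stack):
    """Length of `name` once fully expanded; memoised, so total work is linear in the DTD."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise EntityExpansionError(f"recursive entity {name!r}")
    value = entities.get(name)
    if value is None:  # predefined (&lt;) or undeclared: count the reference literally
        return len(name) + 2
    stack.add(name)
    size, pos = 0, 0
    for m in _REF.finditer(value):
        size += m.start() - pos + expansion_size(m.group(1), entities, memo, stack)
        pos = m.end()
    size += len(value) - pos
    stack.discard(name)
    memo[name] = size
    return size


def check_entities(entities):
    """Return the largest expansion among declared entities, or raise if one breaks the limit."""
    memo = {}
    largest = 0
    for name in entities:
        size = expansion_size(name, entities, memo, set())
        if size > MAX_ENTITY_EXPANSION:
            raise EntityExpansionError(f"entity {name!r} would expand to {size} chars")
        largest = max(largest, size)
    return largest


def parse_safely(data):
    """Parse `data` (bytes) and return its character data; reject oversized or external entities."""
    entities = {}
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # external entity (SYSTEM/PUBLIC): never fetched, refused here
            raise EntityExpansionError(f"external entity {name!r} not allowed")
        entities[name] = value  # replacement text with inner &refs; still unexpanded

    parser.EntityDeclHandler = on_entity_decl
    # Fires at the closing "]>" of the internal subset, before any reference is expanded.
    parser.EndDoctypeDeclHandler = lambda: check_entities(entities)
    text = []
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return "".join(text)


def make_laughs(depth):
    """Constructed input: the doubling-entity document above, cut off at `depth` levels."""
    def ename(i):
        return "ha" if i == 1 else f"ha{i}"
    decls = ['<!ENTITY ha "Ha! ">']
    for i in range(2, depth + 1):
        decls.append(f'<!ENTITY {ename(i)} "&{ename(i - 1)};&{ename(i - 1)};">')
    body = "<!DOCTYPE root [\n" + "\n".join(decls) + f"\n]>\n<root>&{ename(depth)};</root>"
    return body.encode()
```

With the limit above, make_laughs(5) (64 characters of output) parses normally while make_laughs(20) is refused at the end of the DTD, long before the 2 MiB expansion, and the full 128-level document from the notes is refused the same way. Sizing the declarations rather than counting them matters: a handful of entities is enough for the doubling trick.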
5. Similar to a billion laughs :
ReDoS (Regular expression Denial of Service)