170 likes | 344 Views
Middleware Vulnerabilities. Damian Tamayo Kansas State University MSE 2 nd Semester. Overview. Common Attacks Examples Possible Solutions. Common Attacks. Overflows String Format/Validation Race Conditions - permissions Cross Site Scripting. Attacks Defined.
E N D
Middleware Vulnerabilities Damian Tamayo Kansas State University MSE 2nd Semester
Overview • Common Attacks • Examples • Possible Solutions
Common Attacks • Overflows • String Format/Validation • Race Conditions - permissions • Cross Site Scripting
Attacks Defined • Buffer Overflow – overwriting allocated buffer • String Format/Validation – send commands through user input • Race Conditions – interrupt handling • Cross Site Scripting – script injection on client side applications
Possible Solutions • Check for buffer/string lengths • Use operations that are safe • C/C++ • strncpy • strncat • Java/EJB’s • Technically “No” • Theoretically possible
String Format/User Validation • External Commands to the system • URL • Form Control Commands • “:” • “god” like query ability
Possible Solutions • Perform checks on user input • Don’t use shortcuts to format strings • Filters
Race Condition • Interrupts are not handled correctly • System raises privilege level to perform operation • System handles interrupt • Attacker sends command at higher privilege than user
Possible Solutions • Handle interrupts appropriately • System raises privileges • Attacker sends interrupt • System catches interrupt • System finishes operation and lowers privileges • System handles Attacker’s interrupt
Cross Site Scripting <br><br>Please login with the form below before proceeding:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form> http://testasp.acunetix.com/Search.asp
Cross Site Scripting • http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
Possible Solutions • Form Controls • User input Control • Filters
References • “Buffer Overflow” http://www.faqs.org/docs/javap/c9/s1.html, visited 11/19/2008 • “J2EE-Security” http://www.pankaj-k.net/sd/west/2003/j2ee_security.pdf, visited 11/19/2008 • “SecureProgramingTutorial” www.cinnabar.ca/library/SecureProgramingTutorial.ppt, visited 11/19/2008 • “XSS” Window Security 11 pp., http://www.windowsecurity.com/articles/Cross-Site-Scripting-Underestimated-Exploit.html, visited 11/19/2008