Friday, March 2, 2018

Attack Execution: the client



1 Attack the client

If the mapping and analysis phase showed flaws on the client side, it is a good idea to begin there. The client (the browser) is easily reachable by an attacker and can be compromised and manipulated, either to carry out a full attack on its own or as the first step of a partial attack that serves as the base for other types of attacks.
Because there are many types of possible client attacks, the following parts describe some attack execution scenarios on the client and give an example of each type.

2 Two types of attacks

No matter what technologies are used to attack the client side, every attack falls into one of two main types: Exploits and Trickery.
In an Exploit attack, malicious code is executed on the client and its host because of a vulnerability that is present there; the countermeasure is simply to get rid of the exploited vulnerability. Trickery attacks, on the other hand, rely on the behaviour of the human operator: lured by an attractive message or offer, the user takes an action that discloses important information, that gives the attacker a way to access that information, or that lets the attacker install software which can later be used to extract data from the client machine.

3 Flash Cookies (LSO)


Flash uses what are called Flash Cookies for client-side storage. A Flash Cookie is a text file with the extension (.lso); being able to access and manipulate this file gives the ability to change the behaviour of the Flash object that reads it.

Attack requirements:
A. Being able to access the LSO file.
B. No validation of the data retrieved from the LSO files stored on the client.

Attack process:
A. Access the LSO file.
B. Use an LSO editor to change an unvalidated value that might give higher privileges.

Example:
This example allows the attacker to obtain a higher discount rate on a purchase made through a Flash object.

A. Locate the LSO file.
B. Use an LSO editor to change the discount value.
C. As soon as the Flash object retrieves the local storage from the LSO file, it applies the new discount rate if no validation is done by the server.
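The decisive condition in step C is "if no validation is done by the server". The following added example (not code from the original post; the order format, the coupon table and the function names are constructed for illustration) shows the server side of that purchase in two versions: one that applies whatever discount the client sends back from its LSO, and one that ignores the client-side value, looks the discount up in its own table and range-checks it. A third helper turns the disagreement between the two values into a detection signal for tampered client storage.

```python
"""Server-side handling of a discount that a Flash front end stores client-side
and sends back with the order.  Constructed scenario: the Order fields, the
coupon table and the 20% ceiling are assumptions for this example."""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

# Discounts the shop actually grants, keyed by coupon code (constructed data).
SERVER_DISCOUNTS = {
    "WELCOME10": Decimal("0.10"),
    "VIP20": Decimal("0.20"),
}
MAX_DISCOUNT = Decimal("0.20")   # no coupon may exceed this, whatever the table says
CENTS = Decimal("0.01")


@dataclass
class Order:
    price: Decimal
    coupon: str
    client_discount: Decimal     # rate the client read from its LSO and sent back


def make_order(price: str, coupon: str, client_discount: str) -> Order:
    """Build an Order from the string fields a request handler would receive."""
    return Order(Decimal(price), coupon, Decimal(client_discount))


def total_trusting_client(order: Order) -> Decimal:
    """Vulnerable version: the server trusts the client-supplied rate, so an
    edited LSO changes the charged amount directly."""
    rate = order.client_discount
    return (order.price * (1 - rate)).quantize(CENTS, rounding=ROUND_HALF_UP)


def total_validated(order: Order) -> Decimal:
    """Hardened version: the client-side value is never used for pricing.  The
    rate comes from the server's own table and is bounded as a second check."""
    rate = SERVER_DISCOUNTS.get(order.coupon, Decimal("0"))
    if not Decimal("0") <= rate <= MAX_DISCOUNT:
        raise ValueError(f"discount {rate} for {order.coupon} is out of range")
    return (order.price * (1 - rate)).quantize(CENTS, rounding=ROUND_HALF_UP)


def tampering_detected(order: Order) -> bool:
    """True when the rate echoed back by the client disagrees with what the
    server would grant.  Useful as a log/alert condition: a legitimate client
    only ever stores values the server gave it."""
    expected = SERVER_DISCOUNTS.get(order.coupon, Decimal("0"))
    return order.client_discount != expected


if __name__ == "__main__":
    honest = make_order("100.00", "WELCOME10", "0.10")
    edited = make_order("100.00", "WELCOME10", "0.90")   # LSO edited to 90%
    print("trusting client, edited LSO :", total_trusting_client(edited))
    print("validated,       edited LSO :", total_validated(edited))
    print("tampering detected          :", tampering_detected(edited))
```

The point the two totals make is that the LSO edit is harmless to a server that recomputes the discount from state it controls; the client file is at best a cache of a server decision, never the source of it. The `tampering_detected` check adds no security on its own but gives the operations side a cheap signal that someone is editing local storage.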
