Insecure Direct Object References (IDOR)

● Description

It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key, in a URL or as a form parameter. An attacker can use this reference to reach other objects and build further attacks to access unauthorized data.

Implication

·        Using this vulnerability, an attacker can gain access to unauthorized internal objects, modify data, or compromise the application.

Vulnerable Objects

·        In the URL.

Examples:

Changing the "userid" value in the following URL allows an attacker to view another user's information.

An attacker can view other users' information simply by changing the user id value.

Recommendations:

1.     Implement access control checks.

2.     Avoid exposing object references in URLs.

3.     Verify authorization to all reference objects.
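The three recommendations above, as an added Python example that is not part of the original post: a handler that trusts the userid from the URL beside one that verifies ownership, plus a per-session indirect reference map so the URL never carries a raw database key. The PROFILES data, the Forbidden exception and the function names are constructed for illustration.

```python
import secrets

# Constructed sample data: profile records keyed by a direct database id.
PROFILES = {
    101: {"owner": "alice", "email": "alice@example.com"},
    102: {"owner": "bob", "email": "bob@example.com"},
}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


def get_profile_vulnerable(userid: int) -> dict:
    # The IDOR: the handler trusts the identifier taken from the URL and never
    # asks who is requesting it, so any authenticated user can read any profile.
    return PROFILES[userid]


def get_profile_checked(current_user: str, userid: int) -> dict:
    # Recommendations 1 and 3: verify that the caller is authorized for this
    # specific object before returning it, and fail closed on unknown ids.
    profile = PROFILES.get(userid)
    if profile is None or profile["owner"] != current_user:
        raise Forbidden(f"{current_user} may not access profile {userid}")
    return profile


class IndirectReferenceMap:
    """Recommendation 2: hand out random per-session handles instead of
    database keys, so the value in the URL cannot be guessed or enumerated."""

    def __init__(self):
        self._handles = {}  # opaque handle -> direct id

    def handle_for(self, direct_id: int) -> str:
        token = secrets.token_urlsafe(16)
        self._handles[token] = direct_id
        return token

    def resolve(self, handle: str) -> int:
        # An unknown handle maps to nothing; the caller still checks ownership.
        if handle not in self._handles:
            raise Forbidden("unknown object reference")
        return self._handles[handle]


def get_profile_indirect(current_user: str, refmap: IndirectReferenceMap, handle: str) -> dict:
    # Resolve the opaque handle, then still enforce authorization (defense in depth).
    return get_profile_checked(current_user, refmap.resolve(handle))
```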

Cross Site Request Forgery

Description

Cross Site Request Forgery is a forged request that comes from another site.

CSRF attack is an attack that occurs when a malicious website, email, or program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated.

A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application.

The attacker sends a link to the victim; when the victim clicks on the URL while logged into the original website, the data on that website can be stolen.

Implication

·        Using this vulnerability, an attacker can change user profile information, change status, create a new user on the admin's behalf, etc.

Vulnerable Objects

·        User Profile page

·        User account forms

·        Business transaction page

Examples

The victim is logged into a bank website using valid credentials. He receives mail from an attacker saying "Please click here to donate $1 to a cause."

When the victim clicks on it, a valid request will be created to donate $1 to a particular account.

The attacker captures this request, creates the request below, and embeds it in a button saying "I Support Cause."

Since the session is authenticated and the request is coming through the bank website, the server would transfer $1000 to the attacker.

Recommendation

1.     Mandate user's presence while performing sensitive actions.

2.     Implement mechanisms like CAPTCHA, Re-Authentication, and Unique Request Tokens.

Security Misconfiguration

Description

A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. If these are not properly configured, an attacker can gain unauthorized access to sensitive data or functionality.

Sometimes such flaws result in complete system compromise. Keeping software up to date is also part of good security.

Implication

·        Making use of this vulnerability, the attacker can enumerate the underlying technology and application server version information, database information, and other details about the application in order to mount further attacks.

Vulnerable objects

·        URL

·        Form Fields

·        Input fields

Examples

1.     The application server admin console is automatically installed and not removed. Default accounts are not changed. The attacker can log in with default passwords and can gain unauthorized access.

2.     Directory listing is not disabled on your server. An attacker who discovers this can simply list directories to find any file.

Recommendations

1.     A strong application architecture that provides good separation and security between the components.

2.     Change default usernames and passwords.

3.     Disable directory listings and implement access control checks.
