C# - Common Security Threats & Vulnerabilities (Part 4/6)
12. Directory Traversal
Directory traversal is a type of attack that is used to gain unauthorized access to restricted directories and files. It exploits how vulnerable web applications construct file paths when serving assets, in order to navigate through the directory structure of the server running the application. An attacker might be able to read sensitive configuration files, access credentials for backend systems, and even gather enough information to take control of the server.
Having analyzed the URL parameter and image preview functionality, Bob attempts to modify the original URL by replacing the value of the filename parameter TECH735.JPG with the following string:
filename: ../../../../etc/passwd
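The preview feature Bob tampers with typically fails because the filename parameter is joined onto a base directory without any containment check. The following is an added example, not code from the original post: a small C# helper that shows the vulnerable resolution next to a hardened one. The images directory /var/www/app/images and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.IO;

// Added example, not code from the original post. The images directory and
// the file names are assumptions made for illustration.
public static class ImagePreview
{
    // Directory the preview feature is meant to serve from (assumed path).
    private static readonly string BaseDir =
        Path.GetFullPath("/var/www/app/images");

    // Vulnerable: the user-supplied 'filename' parameter is joined straight onto
    // BaseDir. "../../../../etc/passwd" is accepted and resolves outside BaseDir,
    // and a rooted value such as "/etc/passwd" makes Path.Combine discard BaseDir
    // entirely.
    public static string ResolveVulnerable(string filename)
    {
        return Path.Combine(BaseDir, filename);
    }

    // Hardened: accept only a bare file name, canonicalise the result, and require
    // the canonical path to stay inside BaseDir.
    public static bool TryResolveSafe(string filename, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(filename))
            return false;

        // A bare file name has no directory separators and is not "." or "..".
        if (filename != Path.GetFileName(filename) || filename == "." || filename == "..")
            return false;

        string candidate = Path.GetFullPath(Path.Combine(BaseDir, filename));

        // Compare against BaseDir plus a trailing separator so a sibling directory
        // such as "/var/www/app/images-private" is not accepted as a prefix match.
        string root = BaseDir.TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed inputs: the legitimate file from the post, the traversal string
        // from the post, a rooted path, and a subdirectory path.
        string[] inputs = { "TECH735.JPG", "../../../../etc/passwd", "/etc/passwd", "sub/TECH735.JPG" };
        foreach (string input in inputs)
        {
            bool ok = TryResolveSafe(input, out string resolved);
            Console.WriteLine("input:      " + input);
            Console.WriteLine("vulnerable: " + ResolveVulnerable(input));
            Console.WriteLine("hardened:   " + (ok ? resolved : "rejected"));
            Console.WriteLine();
        }
    }
}
```

Only TECH735.JPG passes the hardened check; the other three inputs are rejected before any file is opened. The same containment property is what you get in ASP.NET Core by serving files through a PhysicalFileProvider rooted at the images directory instead of building paths by hand, but the explicit check above makes the rule visible in code review.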
13. User Enumeration
Username Enumeration or credential harvesting refers to a type of attack that gives a malicious actor the ability to determine and enumerate the presence of a username within a specific application, and further automates the process of identifying multiple valid usernames. Brute-force techniques are often used either to guess user information or to confirm previously guessed information. It’s usually web applications that are most vulnerable to this kind of attack, although in truth user enumeration vulnerabilities can arise in any system that requires user authentication.
The above message is indicative of a User Enumeration vulnerability, since the application returns an error message indicating that the submitted account username bob@livemail.com is not valid or registered on the application.
To automate the User Enumeration attack, Bob creates a python script called enumerate.py
Mitigation
Developers must display a generic response message regardless of whether or not the username, email or account is valid.
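A generic message is necessary but not sufficient: if the server skips password hashing when the username is unknown, the response time still reveals which usernames exist. The following is an added example, not code from the original post, showing a login service with the leaky response beside the hardened one. The in-memory user store, the PBKDF2 parameters and the sample accounts are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not code from the original post. The user store, salts and
// hashing parameters are assumptions made for illustration.
public sealed class LoginService
{
    private const int Iterations = 100_000;
    private const int HashBytes = 32;

    // Constructed in-memory user store: username -> (salt, PBKDF2 hash).
    private readonly Dictionary<string, (byte[] Salt, byte[] Hash)> _users =
        new Dictionary<string, (byte[] Salt, byte[] Hash)>(StringComparer.OrdinalIgnoreCase);

    // Dummy record used when the username is unknown, so the same amount of
    // hashing work is done whether or not the account exists.
    private readonly (byte[] Salt, byte[] Hash) _dummy;

    public LoginService()
    {
        _dummy = Derive("placeholder-password-never-valid", RandomSalt());
    }

    public void Register(string username, string password)
    {
        _users[username] = Derive(password, RandomSalt());
    }

    // Vulnerable: distinct messages (and an early return without hashing)
    // reveal whether the username is registered.
    public string LoginVerbose(string username, string password)
    {
        if (!_users.TryGetValue(username, out var record))
            return "The username is not registered.";
        return Verify(password, record) ? "OK" : "Incorrect password.";
    }

    // Hardened: one generic message, and the password is always hashed and
    // compared in constant time, even for unknown usernames.
    public string LoginGeneric(string username, string password)
    {
        bool known = _users.TryGetValue(username, out var record);
        if (!known) record = _dummy;
        bool ok = Verify(password, record) & known; // non-short-circuit on purpose
        return ok ? "OK" : "Invalid username or password.";
    }

    private static byte[] RandomSalt()
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return salt;
    }

    private static (byte[] Salt, byte[] Hash) Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return (salt, kdf.GetBytes(HashBytes));
    }

    private static bool Verify(string password, (byte[] Salt, byte[] Hash) record)
    {
        byte[] candidate = Derive(password, record.Salt).Hash;
        return CryptographicOperations.FixedTimeEquals(candidate, record.Hash);
    }
}

public static class Demo
{
    public static void Main()
    {
        var svc = new LoginService();
        svc.Register("alice@livemail.com", "correct horse battery staple"); // constructed account

        Console.WriteLine(svc.LoginVerbose("bob@livemail.com", "x"));       // reveals bob is unknown
        Console.WriteLine(svc.LoginGeneric("bob@livemail.com", "x"));       // generic message
        Console.WriteLine(svc.LoginGeneric("alice@livemail.com", "wrong")); // same generic message
        Console.WriteLine(svc.LoginGeneric("alice@livemail.com", "correct horse battery staple"));
    }
}
```

The same rule applies to registration and password-reset endpoints: respond with the same text and the same work for known and unknown addresses, and keep account-existence details out of error codes and response timing as well as out of the message body.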
14. Vertical Privilege Escalation
Access control refers to constraints on who can perform what actions or access which resources. Vertical access control restricts access to sensitive functionality to particular user types, for example allowing only administrators to access an admin page. Vertical privilege escalation happens when sensitive parts of the application are not sufficiently protected and a user can thus gain access to functionality or resources they are not permitted to access.
15. Horizontal Privilege Escalation
Access control refers to constraints on who can perform what actions or access which resources. Horizontal access control restricts access to functionality or resources of the same type, such as account information. Horizontal privilege escalation vulnerabilities occur when a malicious user can gain access to functionality or resources belonging to another user. If the compromised user belongs to another privileged group, this can further lead to Vertical Privilege Escalation.
Having analyzed the POST request, Bob attempts to modify the ccid parameter by changing its value from 1001 to 1000.
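Both sections 14 and 15 come down to checks the server must make on every request: a role check for admin-only functionality, and an ownership check for per-user resources such as the credit card selected by ccid. The following is an added example, not code from the original post, covering both in one small C# service. The principals, roles and card records are constructed for illustration; the ccid values 1000 and 1001 mirror the request Bob tampers with.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example, not code from the original post. The principals, roles and
// card records are constructed for illustration.
public sealed class Principal
{
    public string Name { get; }
    public IReadOnlyCollection<string> Roles { get; }

    public Principal(string name, params string[] roles)
    {
        Name = name;
        Roles = new HashSet<string>(roles, StringComparer.Ordinal);
    }
}

public sealed class CreditCard
{
    public int CcId { get; }
    public string OwnerName { get; }
    public string MaskedNumber { get; }

    public CreditCard(int ccid, string ownerName, string maskedNumber)
    {
        CcId = ccid;
        OwnerName = ownerName;
        MaskedNumber = maskedNumber;
    }
}

public sealed class AccountApi
{
    private readonly Dictionary<int, CreditCard> _cards = new Dictionary<int, CreditCard>
    {
        [1000] = new CreditCard(1000, "alice", "**** **** **** 1111"),
        [1001] = new CreditCard(1001, "bob", "**** **** **** 2222"),
    };

    // Vulnerable horizontal access control: being logged in is the only check,
    // so changing ccid from 1001 to 1000 returns another user's card.
    public CreditCard GetCardUnchecked(Principal caller, int ccid)
    {
        if (caller == null) throw new UnauthorizedAccessException("Login required.");
        return _cards.TryGetValue(ccid, out var card) ? card : null;
    }

    // Hardened: ownership is enforced server-side from the authenticated identity,
    // and a card the caller does not own is reported exactly like a missing one.
    public CreditCard GetCard(Principal caller, int ccid)
    {
        if (caller == null) throw new UnauthorizedAccessException("Login required.");
        if (!_cards.TryGetValue(ccid, out var card)) return null;
        return string.Equals(card.OwnerName, caller.Name, StringComparison.Ordinal) ? card : null;
    }

    // Vertical access control: the admin-only operation checks the role on every
    // call rather than relying on the admin link being hidden from ordinary users.
    public IReadOnlyCollection<CreditCard> ListAllCards(Principal caller)
    {
        if (caller == null || !caller.Roles.Contains("Admin"))
            throw new UnauthorizedAccessException("Admin role required.");
        return _cards.Values;
    }
}

public static class Demo
{
    public static void Main()
    {
        var api = new AccountApi();
        var bob = new Principal("bob", "User");
        var admin = new Principal("carol", "User", "Admin");

        // Horizontal: bob's request with ccid changed from 1001 to 1000.
        Console.WriteLine(api.GetCardUnchecked(bob, 1000)?.MaskedNumber ?? "null"); // alice's card leaks
        Console.WriteLine(api.GetCard(bob, 1000)?.MaskedNumber ?? "null");          // null
        Console.WriteLine(api.GetCard(bob, 1001)?.MaskedNumber ?? "null");          // bob's own card

        // Vertical: only the Admin role may list every card.
        try { api.ListAllCards(bob); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
        Console.WriteLine(api.ListAllCards(admin).Count);
    }
}
```

In ASP.NET Core the vertical check is usually expressed declaratively with [Authorize(Roles = "Admin")] on the controller or action, but no attribute can express ownership: the horizontal check has to be part of the query itself, filtering by the authenticated user's identity rather than trusting the identifier sent by the client.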