Difference between revisions of "Cross-User Defacement"

From OWASP
Jump to: navigation, search
(Contents provided by Fortify.)
 
(Description)
Line 5: Line 5:
  
 
An attacker can make a single request to a vulnerable server that will cause the sever to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever. This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server. In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application. In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker.
 
An attacker can make a single request to a vulnerable server that will cause the sever to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever. This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server. In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application. In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker.
 +
 +
This attack is rather difficult to carry out in the real environment. The list of conditions is long and hard to
 +
accomplish by the attacker. However it's easier to use this technique than Cross-User Defacement.
 +
 +
Cross-User Defacement attack is possible because of HTTP_Response_Splitting and flaws in the web application.
 +
It is crucial from the attacker's point of view that the application allows for filling the header field with
 +
more than one header using CR (Carrige Return) and LF (Line Feed) characters.
  
 
==Examples ==
 
==Examples ==

Revision as of 17:23, 24 October 2007

This is an Attack. To view all attacks, please see the Attack Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Description

An attacker can make a single request to a vulnerable server that will cause the sever to create two responses, the second of which may be misinterpreted as a response to a different request, possibly one made by another user sharing the same TCP connection with the sever. This can be accomplished by convincing the user to submit the malicious request themselves, or remotely in situations where the attacker and the user share a common TCP connection to the server, such as a shared proxy server. In the best case, an attacker can leverage this ability to convince users that the application has been hacked, causing users to lose confidence in the security of the application. In the worst case, an attacker may provide specially crafted content designed to mimic the behavior of the application but redirect private information, such as account numbers and passwords, back to the attacker.

This attack is rather difficult to carry out in the real environment. The list of conditions is long and hard to accomplish by the attacker. However it's easier to use this technique than Cross-User Defacement.

Cross-User Defacement attack is possible because of HTTP_Response_Splitting and flaws in the web application. It is crucial from the attacker's point of view that the application allows for filling the header field with more than one header using CR (Carrige Return) and LF (Line Feed) characters.

Examples

Related Threats

Related Attacks

HTTP Response Splitting

Related Vulnerabilities

Category:Input Validation Vulnerability

Related Countermeasures

Category:Input Validation

Categories