Difference between revisions of "Mobile code: invoking untrusted mobile code"

From OWASP
Revision as of 08:44, 27 July 2007

This is an Attack. To view all attacks, please see the Attack Category page.


Description

This attack consists of manipulating mobile code so that it executes malicious operations on the client side. By intercepting client traffic with a man-in-the-middle technique, a malicious user can modify the original mobile code to include arbitrary operations, which will then be executed on the client's machine under that user's credentials. In another scenario, the malicious mobile code could be hosted on an untrustworthy web site, or it could be permanently injected into a vulnerable web site through an injection attack. This attack can be performed against Java or C++ applications and affects any operating system.


Examples


The following code demonstrates how this attack could be performed using a Java applet.

 import java.net.URL;
 import java.net.URLClassLoader;

 public class LoadUntrusted {
     public static void main(String[] args) throws Exception {
         // declare a URL array with the path of the malicious class
         URL[] urlPath = new URL[]{new URL("file:subdir/")};

         // create a "loader" object responsible for loading classes from the URL path
         URLClassLoader classLoader = new URLClassLoader(urlPath);

         // load the malicious class "loadMe" through "classLoader";
         // initialize=true runs its static initializer immediately
         Class<?> loadedClass = Class.forName("loadMe", true, classLoader);
     }
 }


References

 https://buildsecurityin.us-cert.gov/daisy/bsi/100/version/1/part/4/data/CLASP_ApplicationSecurityProcess.pdf?branch=main&language=default
 http://cwe.mitre.org/data/definitions/494.html

Related threats

Category: Logical Attacks


Related Attacks


Related Vulnerabilities

Category: Unsafe Mobile Code


Related Countermeasures

To solve this issue, it’s necessary to use some type of integrity mechanism to assure that the mobile code has not been modified.
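The example in the Examples section loads whatever class sits at the URL path with no check at all. The following class loader, added here as an illustration and not part of the original OWASP article, shows one form of the integrity mechanism this section calls for: it only defines classes taken from a JAR whose entries carry a valid signature from a pinned, trusted certificate, using the standard signed-JAR verification built into java.util.jar. The class name VerifiedJarClassLoader, the file names plugin.jar and trusted.cer, and the class name com.example.Plugin in the usage comment are assumptions made for this example.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Class loader that only defines classes whose JAR entry carries a valid
 * signature from a pinned, trusted certificate. Entries that are unsigned,
 * signed by another key, or modified after signing are refused.
 * (Hypothetical example class; not from the OWASP article.)
 */
public class VerifiedJarClassLoader extends ClassLoader {
    private final JarFile jar;
    private final Certificate trustedCert;

    public VerifiedJarClassLoader(String jarPath, String trustedCertPath, ClassLoader parent)
            throws IOException, GeneralSecurityException {
        super(parent);
        // verify=true: JarFile checks the signature files as entries are read
        this.jar = new JarFile(jarPath, true);
        // the pinned signer certificate (DER or PEM X.509) is loaded from disk
        try (InputStream in = new FileInputStream(trustedCertPath)) {
            this.trustedCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        JarEntry entry = jar.getJarEntry(name.replace('.', '/') + ".class");
        if (entry == null) {
            throw new ClassNotFoundException(name);
        }
        byte[] bytes;
        try {
            // The entry must be read to the end before getCodeSigners() is meaningful;
            // an entry tampered with after signing makes the stream throw SecurityException here.
            bytes = readFully(jar.getInputStream(entry));
        } catch (IOException | SecurityException e) {
            throw new ClassNotFoundException("integrity check failed for " + name, e);
        }
        if (!signedByTrustedCert(entry)) {
            throw new ClassNotFoundException("refusing unsigned or untrusted class " + name);
        }
        return defineClass(name, bytes, 0, bytes.length);
    }

    private boolean signedByTrustedCert(JarEntry entry) {
        CodeSigner[] signers = entry.getCodeSigners(); // null for unsigned entries
        if (signers == null) {
            return false;
        }
        for (CodeSigner signer : signers) {
            // the first certificate in the path is the signer's own certificate
            Certificate signerCert = signer.getSignerCertPath().getCertificates().get(0);
            if (signerCert.equals(trustedCert)) {
                return true;
            }
        }
        return false;
    }

    private static byte[] readFully(InputStream in) throws IOException {
        try (InputStream s = in) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[8192];
            int n;
            while ((n = s.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        }
    }

    // Usage (assumed names): java VerifiedJarClassLoader plugin.jar trusted.cer com.example.Plugin
    public static void main(String[] args) throws Exception {
        VerifiedJarClassLoader loader = new VerifiedJarClassLoader(
                args[0], args[1], VerifiedJarClassLoader.class.getClassLoader());
        Class<?> c = Class.forName(args[2], true, loader);
        System.out.println("loaded " + c.getName() + " after signature check");
    }
}
```

Two points matter in practice. First, the signer check must compare against a certificate the application pins itself; a JAR that merely is signed by someone proves nothing about who produced it. Second, the check has to happen before defineClass is reached, because once a class is defined its static initializer can already run, which is exactly what the Examples section's call with initialize=true relies on.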


Categories

Category: Resource Manipulation

Category: Abuse of Functionality

Category: Exploitation of Privilege/Trust