Difference between revisions of "Page Hijacking"

From OWASP
Jump to: navigation, search
(Contents provided by Fortify.)
 
Line 1: Line 1:
 
{{Template:Attack}}
 
{{Template:Attack}}
 
{{Template:Fortify}}
 
{{Template:Fortify}}
 +
<br>
 +
[[Category:OWASP ASDR Project]]
 +
[[ASDR Table of Contents]]__TOC__
 +
  
 
==Description==
 
==Description==
  
 
In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead. By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker. Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker's request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker's request is already waiting and is interpreted as a response to the victim's request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim.
 
In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead. By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker. Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker's request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker's request is already waiting and is interpreted as a response to the victim's request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim.
 +
==Risk Factors==
 +
TBD
 +
[[Category:FIXME|need content here]]
  
 
==Examples ==
 
==Examples ==
 +
TBD
 +
[[Category:FIXME|need content here]]
  
==Related Threats==
 
 
==Related Attacks==
 
 
[[HTTP Response Splitting]]
 
 
==Related Vulnerabilities==
 
  
[[:Category:Input Validation Vulnerability]]
+
==Related [[Threat Agents]]==
 +
* TBD
 +
[[Category:FIXME|need links]]
  
==Related Countermeasures==
+
==Related [[Attacks]]==
 +
* [[HTTP Response Splitting]]
  
[[:Category:Input Validation]]
+
==Related [[Vulnerabilities]]==
 +
* [[:Category:Input Validation Vulnerability]]
  
==Categories==
+
==Related [[Controls]]==
 +
* [[:Category:Input Validation]]

Revision as of 07:49, 14 September 2008

This is an Attack. To view all attacks, please see the Attack Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

ASDR Table of Contents

Contents


Description

In addition to using a vulnerable application to send malicious content to a user, the same root vulnerability can also be leveraged to redirect sensitive content generated by the server and intended for the user to the attacker instead. By submitting a request that results in two responses, the intended response from the server and the response generated by the attacker, an attacker can cause an intermediate node, such as a shared proxy server, to misdirect a response generated by the server for the user to the attacker. Because the request made by the attacker generates two responses, the first is interpreted as a response to the attacker's request, while the second remains in limbo. When the user makes a legitimate request through the same TCP connection, the attacker's request is already waiting and is interpreted as a response to the victim's request. The attacker then sends a second request to the server, to which the proxy server responds with the server generated request intended for the victim, thereby compromising any sensitive information in the headers or body of the response intended for the victim.

Risk Factors

TBD

Examples

TBD


Related Threat Agents

  • TBD

Related Attacks

Related Vulnerabilities

Related Controls