New technologies, new threats: ten Web 2.0 attack vectors - vulnerability warning - the black bar safety net

ID MYHACK58:62200612346
Type myhack58
Reporter Anonymous
Modified 2006-10-17T00:00:00


Web 2.0 is the fresh term for a new generation of network applications. Google Maps, Writely and MySpace.com all use the Web 2.0 paradigm. Advances in technology have driven Web 2.0 application development. In the web services context, the core technical components on the server side have been strengthened, while on the client side AJAX and Rich Internet Applications (RIA) have improved the user interface in the browser.

XML has had a huge impact on both the presentation layer and the HTTP/HTTPS transport layer. SOAP is becoming the XML-based transport mechanism of choice, and to some extent XML has replaced HTML in the presentation tier.

Web 2.0 in focus: reforming the industry

Technological change brings new security concerns and new attack vectors. Typical worms such as Yamanner, Samy and Spaceflash attacked the client side of AJAX architectures that hold confidential information; they show the attack avenues these architectures open up.

On the server side, XML-based Web services are replacing parts of the key functionality. They provide access to distributed applications through a web service interface. The user can invoke remote methods from the browser end using GET, POST or SOAP, and this capability introduces new defects into a variety of applications. On the other hand, RIA frameworks built on XML, XUL, Flash, Applets and JavaScript add further usable attack vectors. RIA, AJAX and Web services add a new dimension to Web application security.

The following is the list of the 10 attack vectors with a brief description of each:

1. AJAX cross-site scripting

A few months ago, a variety of cross-site scripting attacks were discovered. In this type of attack, the victim's browser runs malicious JavaScript code served from a particular website. The Yamanner worm is a recent example: it used a cross-site scripting opportunity in Yahoo Mail's AJAX calls to attack victims. Another recent example is the Samy worm, which exploited cross-site scripting vulnerabilities on MySpace.com. AJAX runs on the client, so a badly written script is something an attacker can exploit. An attacker can craft a malicious link to lure unprepared users into visiting a particular web page with their browser. Traditional applications have this weakness too, but AJAX adds more possible vulnerabilities to it.

2. XML poisoning

In many Web 2.0 applications, XML is transmitted back and forth between the server and the browser. The web application receives XML blocks from the AJAX client, and such a block may well be poisoned. Many times a recursive payload is applied to produce large numbers of similar XML nodes; this technique is not uncommon. If the machine's processing power is weak, this causes the server to deny service. Many attackers also produce badly structured XML documents that disrupt the logic of the parsing mechanism used on the server. There are two types of server-side parsing mechanism, SAX and DOM. Web services are exposed to the same attack vector, because a web service receives SOAP messages and SOAP is an XML message. The widespread use of XML at the application layer gives attackers more opportunities to use this new attack vector.
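One server-side guard against both the recursive node payload just described and the external entity references covered next in this section, written as an added example (not code from the article): it stream-parses the incoming block with Python's expat (a SAX-style parser) and refuses any DOCTYPE, any nesting deeper than an assumed limit, and any malformed document before the application logic sees it. The depth and size limits are assumptions for the demo.

```python
import xml.parsers.expat

MAX_DEPTH = 32          # assumed limit: deeper nesting than any legitimate request needs
MAX_BYTES = 1_000_000   # refuse oversized blocks before parsing at all

class UnsafeXML(Exception):
    """Raised when an incoming XML block looks like a poisoning attempt."""

def check_xml_block(data: bytes, max_depth: int = MAX_DEPTH) -> int:
    """Stream-parse a client-supplied XML block with expat and reject it if it
    carries a DOCTYPE (the only place external entities can be declared), nests
    deeper than max_depth, or is malformed. Returns the deepest nesting seen."""
    if len(data) > MAX_BYTES:
        raise UnsafeXML("block exceeds %d bytes" % MAX_BYTES)
    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "deepest": 0}

    def on_start(name, attrs):
        state["depth"] += 1
        if state["depth"] > max_depth:
            raise UnsafeXML("nesting deeper than %d at <%s>" % (max_depth, name))
        state["deepest"] = max(state["deepest"], state["depth"])

    def on_end(name):
        state["depth"] -= 1

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXML("DOCTYPE declarations are not accepted")

    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)   # handlers raise UnsafeXML; bad syntax raises ExpatError
    except xml.parsers.expat.ExpatError as err:
        raise UnsafeXML("malformed XML: %s" % err) from err
    return state["deepest"]

def is_safe_xml(data: bytes, max_depth: int = MAX_DEPTH) -> bool:
    """Boolean wrapper for request-handling code."""
    try:
        check_xml_block(data, max_depth)
        return True
    except UnsafeXML:
        return False

# Constructed inputs for demonstration, not real traffic.
NORMAL = b"<order><item><qty>2</qty></item></order>"
RECURSIVE = b"<a>" * 200 + b"</a>" * 200       # recursive payload of similar nodes
EXTERNAL = b'<!DOCTYPE x [<!ENTITY e SYSTEM "file:///some/local/file">]><x>&e;</x>'
```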

An XML external entity reference is an XML attribute that an attacker can forge. It lets the attacker exploit defects in whichever files or TCP connections he chooses. XML schema poisoning is another XML poisoning attack vector; it can change the flow of execution. This vulnerability can help an attacker obtain confidential information.

3. Malicious AJAX code execution

AJAX calls are very hard to detect; the end user cannot tell whether the browser is using the XMLHttpRequest object to issue calls silently. The browser makes AJAX calls to any site, and that site responds to each request on the basis of its cookies. This creates the potential for leakage. For example, John has logged in to his bank and been authenticated by the server. Once the authentication process completes he receives a session cookie. The bank's pages contain a lot of critical information. Now he browses to other web pages while his bank account is still in the logged-in state. He may just visit an attacker's web page in which the attacker has written hard-to-notice AJAX code. Without John's consent, this code can issue background calls to John's bank pages, obtain key information from a bank page, and send that information to the attacker's website. This leads to leakage of confidential information and may even lead to a security breach.
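An added example of how the bank in the scenario above can tell its own page's AJAX calls from those issued by an attacker's page (not code from the article): the check requires the browser-reported origin to be the bank's, a custom request header that a plain cross-site request cannot carry, and a per-session token that the automatically attached cookie does not supply. The origin `https://bank.example`, the header name and the token scheme are assumptions for the demo.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # assumed origin of the bank application

def new_session_token() -> str:
    """Secret issued alongside the session cookie; the bank's own pages
    copy it into every AJAX call they make."""
    return secrets.token_urlsafe(32)

def request_origin(headers: dict) -> Optional[str]:
    """Origin header if present, else scheme://host of the Referer, else None."""
    if "Origin" in headers:
        return headers["Origin"]
    referer = headers.get("Referer")
    if not referer:
        return None
    parts = urlsplit(referer)
    return "%s://%s" % (parts.scheme, parts.netloc)

def is_trusted_ajax_call(headers: dict, session_token: Optional[str],
                         sent_token: Optional[str]) -> bool:
    """Serve account data only when all three checks agree:
    1. the browser reports the issuing page as our own origin;
    2. the call carries a custom header that a plain cross-site request
       cannot add (a foreign XMLHttpRequest could only do so after a
       CORS preflight, which this server is assumed never to grant);
    3. the token sent with the call equals the session's token, so the
       cookie the browser attaches automatically is not enough alone."""
    if request_origin(headers) != SITE_ORIGIN:
        return False
    if headers.get("X-Requested-With") != "XMLHttpRequest":
        return False
    if not session_token or not sent_token:
        return False
    return hmac.compare_digest(session_token, sent_token)

# Constructed requests for demonstration (not captured traffic). The browser
# sends the same session cookie with both; only the issuing page differs.
TOKEN = new_session_token()
OWN_PAGE_CALL = {"Origin": SITE_ORIGIN, "X-Requested-With": "XMLHttpRequest",
                 "Cookie": "session=c0ffee"}
ATTACKER_PAGE_CALL = {"Origin": "https://attacker.example",
                      "X-Requested-With": "XMLHttpRequest", "Cookie": "session=c0ffee"}
```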

4. RSS/Atom injection

This is a new Web 2.0 attack. RSS feeds are a common means for people to share information in portals or web applications. The web application accepts the feed and then sends it on to the client browser. People can insert JavaScript into the text of an RSS feed to attack the user's browser. When the end user visits a particular website and loads a page carrying the RSS feed, the script runs: it can install software on the user's computer or steal cookie information. This is a lethal client-side attack. Worse, it can mutate. As RSS and Atom feeds become integral components of web applications, it is essential that the server side filter particular characters before publishing data to end users.
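An added example of the server-side filtering the paragraph calls for (not code from the article): an allowlist sanitizer built on Python's `html.parser` that rebuilds each feed entry keeping only a few harmless tags, drops `script` elements with their contents, strips every event-handler attribute and refuses non-HTTP link schemes. The allowlist itself is an assumption; a real deployment would tune it to the markup its feeds legitimately carry.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a"}   # assumed allowlist for feed bodies
ALLOWED_ATTRS = {"a": {"href"}}                             # every on* handler is dropped
SAFE_SCHEMES = ("http://", "https://")                      # no javascript:, data:, vbscript:

class FeedSanitizer(HTMLParser):
    """Rebuilds a feed entry keeping only allowlisted tags and attributes;
    script and style elements are dropped together with their contents."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0   # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))   # text is re-encoded, never emitted raw

def sanitize_feed_html(html: str) -> str:
    """Filter one entry's HTML before it is stored or sent to the browser."""
    s = FeedSanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)

# Constructed feed entry for demonstration, not a real feed.
POISONED_ENTRY = ('<p>Read <a href="https://news.example/x" onclick="stealCookies()">more</a></p>'
                  '<script>stealCookies()</script><a href="javascript:stealCookies()">click</a>')
```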

5. WSDL scanning and enumeration

WSDL (Web Services Definition Language) is the interface of a web service. The document provides key information such as the technologies used, the exposed methods, the invocation formats and so on. This is very sensitive information and can help someone decide which weaknesses to exploit. If unnecessary functions or methods have been exposed, this is a potential disaster for the web service. Protecting the WSDL file, or restricting access to it, is very important. In practice, some holes can be found by WSDL scanning.

6. Client-side validation in AJAX routines

Web 2.0 applications use AJAX routines for many operations on the client, such as data type validation, content checks, data ranges and so on. Normally the server should also duplicate these client-side checks. Most developers do not; their reasoning is that they assume such validation is the AJAX routine's responsibility. Bypassing the AJAX-based validation and sending direct POST or GET requests to these applications, which lack validation against attacks such as SQL injection, LDAP injection and the like, is a major source of attacks, and it can reach the network's key resources. This increases the number of potential attack vectors available to an attacker.

7. Web service routing problems

Web services security protocols include WS-Routing. WS-Routing allows a SOAP message to traverse a variety of different nodes on the Internet in a particular sequence. Usually the information is encrypted as it is passed back and forth between these nodes. If any one of the interacting nodes is compromised, the attacker can access the SOAP messages transmitted between the two endpoints. This causes a serious security leak of the SOAP message. As web service frameworks come into use, attackers are beginning to turn to these new protocols and new attack vectors.

8. Modifying SOAP parameters

The web service receives its information from the variables in the SOAP message, and modifying these variables is quite possible. For example, "10" is the value of one of the nodes in a SOAP message. The attacker can modify that node and try various kinds of injection attacks, such as SQL, LDAP, XPath and command shell, to explore which attack vectors he can control and what internal information they expose. Web service code with errors or inadequate input validation makes the web service application prone to leaks. This is a new attack vector aimed at web applications through their web services.

9. XPath injection in SOAP messages

XPath is a language for querying XML documents and is very similar to SQL: we supply some parameters and obtain query results from the data store. Many languages support XPath parsing functions. Web applications receive large XML documents, and many times these applications take input from the end user and put it into an XPath statement. Such code fragments have no defence against XPath injection. If the XPath executes successfully, an attacker can bypass authentication mechanisms or cause some loss of confidential information. At present only a very small number of XPath vulnerabilities exploitable by attackers are known. The only way to prevent this attack vector is to provide appropriate input validation for the variable values passed into the XPath statement.
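An added example serving sections 6, 8 and 9 together (not code from the article): a small SOAP `GetBalance` handler that extracts the `user` parameter from the envelope, re-validates it on the server with the same rule the client-side AJAX check is assumed to apply, and only then lets it reach an XPath query, so a tampered parameter carrying quotes or boolean operators is refused rather than executed. The service namespace, the account document and the username rule are constructed for the demo; the XPath runs on Python's `xml.etree.ElementTree` subset.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ACCT_NS = "urn:example:accounts"      # assumed namespace of the demo web service
NS = {"soap": SOAP_NS, "acct": ACCT_NS}
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")   # rule the client-side AJAX check is assumed to apply
ACCOUNTS = ET.fromstring(   # constructed account store the service queries with XPath (not real data)
    "<accounts><account><user>john</user><balance>1200</balance></account>"
    "<account><user>alice</user><balance>80</balance></account></accounts>")

class BadParameter(ValueError):
    """A SOAP parameter failed server-side validation or matched no account."""

def extract_param(envelope: bytes, name: str) -> str:
    """Pull one child of GetBalance out of the SOAP Body."""
    node = ET.fromstring(envelope).find("soap:Body/acct:GetBalance/acct:" + name, NS)
    if node is None or node.text is None:
        raise BadParameter("missing parameter " + name)
    return node.text.strip()

def validate_username(value: str) -> str:
    """Re-check on the server exactly what the AJAX routine checked on the client."""
    if not USERNAME_RE.match(value):
        raise BadParameter("invalid username %r" % value)
    return value

def lookup_balance(username: str) -> int:
    """The value enters the XPath predicate only after validation, so quotes
    and boolean operators such as ' or '1'='1 can never reshape the query."""
    node = ACCOUNTS.find("./account[user='%s']/balance" % validate_username(username))
    if node is None:
        raise BadParameter("no such account")
    return int(node.text)

def handle_get_balance(envelope: bytes) -> int:
    return lookup_balance(extract_param(envelope, "user"))

def soap_request(user: str) -> bytes:
    """Build a GetBalance envelope; used only to construct demo requests."""
    return ('<soap:Envelope xmlns:soap="%s"><soap:Body><acct:GetBalance xmlns:acct="%s">'
            '<acct:user>%s</acct:user></acct:GetBalance></soap:Body></soap:Envelope>'
            % (SOAP_NS, ACCT_NS, user)).encode()

def is_rejected(user: str) -> bool:   # True when the service refuses instead of querying
    try:
        handle_get_balance(soap_request(user))
        return False
    except BadParameter:
        return True
```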

10. RIA thin client binary manipulation

Rich Internet Applications (RIA) use very rich UI features such as Flash, ActiveX controls or Applets, and use these elements as the basic interface to the web application. This framework has several security issues. One of the most important concerns session management: the component runs inside the browser and shares the same session. At the same time, since the client downloads the entire binary component to its own host, an attacker can reverse engineer the binary and decompile the code. Repackaging these binaries and bypassing some of the authentication logic contained in the code is quite achievable. This is another interesting attack vector of the Web 2.0 framework.


AJAX, RIA and Web services are the three important technology vectors of the Web 2.0 application space. These technologies are promising: they bring new programs to the desktop and strengthen the overall efficiency and effectiveness of the network. With these new technologies come new security issues, and ignoring them will cause huge disasters across the world. In this paper we have discussed only 10 kinds of attack; in fact there are many other attack vectors. The best defense against these new attack vectors is to raise Web 2.0 security awareness and to improve the security of code and of configuration.