Black Hat 2007 Premature AJAX-ulation

Billy Hoffman and Bryan Sullivan from SPI Dynamics gave one of the more entertaining talks today. The title is an allusion to people's willingness to apply new technology before they fully understand it. Instead of laughing at silly Web 2.0 developers, they decided to build their own AJAXified website by consulting the resources any programmer would: AJAX books, blogs, and forums. What they ended up with was hackervacations.com, a security-hole-riddled gem built on good intentions.

For their presentation they demonstrated how easily you could hammer on the site using something like Firebug. No piece of code on the client side can be trusted: you can throw in a breakpoint anywhere and manipulate any variable. So if something like the ticket price is stored locally, you can modify it before it gets debited. We learned long ago not to do this in HTML forms, but it's the same problem all over again, disguised by new technology.

Another common practice is dumping all of the functions into one common.js file. Find something like an admin function and you can call it from anywhere. You could also create a race condition. Say one function adds an item and updates the cart total, and the other debits your account and ships the order. If you call the two functions with a slight offset you could interleave their actions: add an item to your cart, debit the still-zero total from your account, update it with the actual total, and ship the item.
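The two flaws just described, a client-held total and the interleaving of "add item" with "debit and ship", can be shown in a few lines of server-side JavaScript. This is an added example, not code from the talk or from hackervacations.com; all names (`CATALOG`, `addItemVuln`, `debitAndShipSafe`, etc.), prices and balances are constructed, and generators with an explicit schedule stand in for concurrent request handlers so the race is deterministic.

```javascript
// Constructed server-side price list; the client never supplies a price.
const CATALOG = { trip_tokyo: 1299 };

function newState() {
  return { cart: { items: [], total: 0 }, balance: 2000, shipped: [] };
}

// Each handler is a generator: every `yield` is a point where the server
// may switch to another in-flight request (e.g. while awaiting a DB write).

// VULNERABLE (pattern from the talk): addItem stores the item, then updates
// a persisted total in a separate step; debitAndShip trusts that total.
function* addItemVuln(s, id) {
  s.cart.items.push(id);
  yield;                                // e.g. awaiting the cart row write
  s.cart.total += CATALOG[id];
}
function* debitAndShipVuln(s) {
  const due = s.cart.total;             // reads 0 if addItem is mid-flight
  yield;
  s.balance -= due;
  s.shipped.push(...s.cart.items);
  s.cart = { items: [], total: 0 };
}

// HARDENED: no stored total. The amount due is derived from the items at
// the moment of debit, and check + debit + ship happen without yielding.
function* addItemSafe(s, id) {
  s.cart.items.push(id);
  yield;
}
function* debitAndShipSafe(s) {
  yield;                                // any async work happens *before*
  const due = s.cart.items.reduce((t, id) => t + CATALOG[id], 0);
  if (s.balance < due) return;
  s.balance -= due;                     // atomic section: no yield inside
  s.shipped.push(...s.cart.items);
  s.cart = { items: [], total: 0 };
}

// Run the handlers in a chosen interleaving (indices into `gens`).
function run(gens, schedule) {
  for (const i of schedule) gens[i].next();
}

// The attacker's timing: addItem starts, debitAndShip starts and reads the
// total, then addItem finishes. Returns the resulting account state.
function interleaved(addItem, debitAndShip) {
  const s = newState();
  run([addItem(s, "trip_tokyo"), debitAndShip(s)], [0, 1, 0, 1]);
  return s;
}
```

With the vulnerable pair the trip ships and the balance is untouched; with the hardened pair the same interleaving charges the full 1299.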

Their last example involved trusting the client to do the final data formatting. Using two GET requests they were able to dump the entire database. In a JSON object they could add as many SQL queries as they wanted, without having to worry about matching the number of arguments as you would in standard injection.

There were a couple of final thoughts. These problems stem from putting too much trust in the client. That doesn't bode well for offline technologies like Google Gears, where everything has to be on the client, or Silverlight, which makes it difficult to know whether your code is going to the client or the server. Lastly, if you're worried about premature AJAX-ulation, abstinence may be the best solution.

Reposted from: http://www.hackaday.com/2007/08/02/black-hat-2007-premature-ajax-ulation/

Chinese reference: http://tech.techweb.com.cn/redirect.php?tid=197737&goto=lastpost
