11 Payload vulnerabilities


In this chapter

  • How accepting serialized data from an untrusted source is a security risk
  • How XML parsers are vulnerable to attack
  • How hackers can target file upload functions
  • How path traversal vulnerabilities can allow access to sensitive files
  • How mass assignment vulnerabilities can allow the manipulation of data

Most of the vulnerabilities discussed in the preceding chapters have been concerned with indirect attacks against your users. These attacks inject code into users’ browsers, trick users into performing unexpected actions, or steal credentials or sessions. Now we turn our attention to attacks that directly target web servers.

In the coming chapters, we will be particularly concerned with attacks that come across the HTTP protocol. Your web servers (and associated services) may well be vulnerable to other types of attacks—hackers often probe for access by using the Secure Shell (SSH) or Remote Desktop protocol, for example—but they are more properly considered to be the concerns of infrastructure security.

TIP

If you want to learn more about that subject, I strongly recommend picking up a copy of Hacking Exposed 7: Network Security Secrets and Solutions, by Stuart McClure, Joel Scambray, and George Kurtz (McGraw Hill, 2012).

Deserialization attacks

JSON vulnerabilities

Prototype pollution

XML vulnerabilities

XML validation

XML bombs

XML external entity attacks

Mitigating XML attacks

File upload vulnerabilities

Validate uploaded files

Rename uploaded files

Write to disk without the appropriate permissions

Use secure file storage

Path traversal

Mass assignment

Summary