Thursday 17 April 2014

XML Injection

With any interaction between a client (web browser) and a web server there is always an opportunity for the data being sent back and forth to be tampered with. An excellent example of this is modifying XML/JSON while it is being sent from the client side to the server side.

By using an application such as WebScarab, you can intercept and modify information being sent in XML/JSON format from the browser to the server. WebScarab does this by allowing users to edit server requests to reflect the information which they want to see sent to the server. This gives an attacker the opportunity not only to edit the information which is already contained within the file on the server, but also to add and remove content from the file as well.

An example where this vulnerability could be exploited would be a point system where the attacker could modify the number of points they gained or lost within an online reward program or video game. Here is an example of what a changed XML request could look like:

Original
<player>
      <playerId>37</playerId>
      <score>100</score>
</player>

Changed
<player>
      <playerId>37</playerId>
      <score>1000000000</score>
</player>

If the values which are being changed have any relation to money (i.e. points which could be redeemed for product, etc.) then it could be a costly flaw in your web application.

One of the examples I applied this technique to was a picture album I created which sent commenting data across the network using JSON. I intercepted the request and altered it so that a comment on one image would be sent to show up on a separate image from the one that I initially commented on. This definitely stresses the importance of using as much server-side information handling as possible, to make sure any tampering that can be done will not interfere with the functionality of your web application. Even though a simple photo album may seem like a silly thing to go to any measures to prevent such an attack on, the thought of a much larger scale photo album (Facebook) having information manipulated in this nature could easily interfere with its privacy settings.
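As an added illustration that is not part of the original post, here is what "server-side information handling" looks like for both cases above: the score request and the photo-album comment. Each handler is shown in a request-trusting form beside a hardened form. The hardened score handler assumes a hypothetical <pointsEarned> event element and a server-side cap on points per event; the hardened comment handler takes the author from the authenticated session and checks the image against the set of images that user may see. The session ids, limits and album data are constructed for the example.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample requests (hypothetical), mirroring the post's examples.
TAMPERED_XML = "<player><playerId>37</playerId><score>1000000000</score></player>"
EVENT_XML = "<player><playerId>37</playerId><pointsEarned>20</pointsEarned></player>"
MAX_POINTS_PER_EVENT = 50   # assumed server-side game rule
MAX_COMMENT_LEN = 500       # assumed server-side limit


def insecure_update_score(scores: dict, xml_body: str) -> int:
    """Vulnerable pattern: stores whatever <score> the client sent."""
    root = ET.fromstring(xml_body)
    player_id = int(root.findtext("playerId"))
    score = int(root.findtext("score"))
    scores[player_id] = score
    return score


def secure_update_score(scores: dict, session_player_id: int, xml_body: str) -> int:
    """Hardened pattern: the request only reports an event; the score lives on the server.

    Assumes a <pointsEarned> element (hypothetical) instead of a client-stated <score>.
    For XML from untrusted sources, prefer defusedxml over the stdlib parser used here.
    """
    root = ET.fromstring(xml_body)
    if root.tag != "player":
        raise ValueError("unexpected root element")
    if root.find("score") is not None:
        raise ValueError("client may not set an absolute score")
    # The player identity is tied to the session, never taken on trust from the body.
    if int(root.findtext("playerId", default="-1")) != session_player_id:
        raise PermissionError("playerId does not match the authenticated session")
    earned = int(root.findtext("pointsEarned", default="0"))
    if not 0 <= earned <= MAX_POINTS_PER_EVENT:
        raise ValueError("pointsEarned outside the server's allowed range")
    scores[session_player_id] = scores.get(session_player_id, 0) + earned
    return scores[session_player_id]


def insecure_post_comment(comments: dict, json_body: str) -> str:
    """Vulnerable pattern: trusts both imageId and the author name from the request."""
    data = json.loads(json_body)
    comments.setdefault(data["imageId"], []).append((data["user"], data["text"]))
    return data["imageId"]


def secure_post_comment(comments: dict, album_access: dict, session_user: str, json_body: str) -> str:
    """Hardened pattern: author comes from the session, and imageId is checked
    against the images this user is actually allowed to see before attaching."""
    data = json.loads(json_body)
    image_id, text = data.get("imageId"), data.get("text")
    if not isinstance(image_id, str) or not isinstance(text, str) or not text.strip():
        raise ValueError("malformed comment")
    if len(text) > MAX_COMMENT_LEN:
        raise ValueError("comment too long")
    if image_id not in album_access.get(session_user, set()):
        raise PermissionError("user may not comment on this image")
    comments.setdefault(image_id, []).append((session_user, text))
    return image_id


def outcome(fn, *args) -> str:
    """Run a handler and report either its return value or the exception it raised."""
    try:
        return "ok:" + str(fn(*args))
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    print(outcome(insecure_update_score, {37: 100}, TAMPERED_XML))   # ok:1000000000
    print(outcome(secure_update_score, {37: 100}, 37, TAMPERED_XML))  # ValueError
    print(outcome(secure_update_score, {37: 100}, 37, EVENT_XML))     # ok:120
    access = {"alice": {"img-1"}, "bob": {"img-9"}}
    moved = '{"user": "alice", "imageId": "img-9", "text": "nice"}'
    print(outcome(insecure_post_comment, {}, moved))                  # ok:img-9
    print(outcome(secure_post_comment, {}, access, "alice", moved))   # PermissionError
```

The design point is the same in both handlers: the request body may say what happened, but the server decides who the actor is and what the resulting state is. Intercepting and rewriting the request then changes nothing the client was not already entitled to change.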
