AttackFlow Findings Dictionary


Unnecessary Code Entrance

Debugging code left in the application may give attackers the extra information they need to attack the target.

Severity

Low

Fix Cost

Low

Trust Level

High

In a web application, debugging code may present itself in different forms. One of these forms is the main method:

// Process entry point left in web application code (C#)
static int Main(string[] args)
{
    //...
    return 0;
}

The above is unnecessary for a web application and may contain critical security bugs. Because such code is outside the scope of regular penetration testing (a form of dynamic security testing), it may give an attacker an unnecessary and unexpected advantage.

A similar example is a URL parameter that, when set, bypasses controls on the server side, for example:

http://www.vulnerable.com/Account/Authenticate?token=...&debug=1

Without the debug parameter, the above URL checks the token’s validity and authenticates the request. But if the developer placed a kind of backdoor that bypasses authentication in the form of a debug parameter, perhaps for just purposes, then the same backdoor is available to an attacker, too. By presenting a debug=1 parameter, he/she will authenticate without a valid token.
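A small static check for the two forms described above, added here as an example (it is not AttackFlow's own rule set or code from the original page): it scans Java or C# source text for a main entry point and for reads of a debug request parameter. The regexes, the `scan` function and both sample sources are constructed for illustration; the patterns are heuristics and assume the parameter is read through `getParameter`, `QueryString[...]` or `Request[...]`.

```python
import re

# Heuristic rules written for this example (assumptions, not AttackFlow's own checks).
RULES = [
    # Java/C# process entry point left inside web application code.
    ("main-entry-point", re.compile(r"\bstatic\s+(?:void|int)\s+[Mm]ain\s*\(")),
    # Request parameter named debug* read via Java servlet / ASP.NET accessors.
    ("debug-parameter-read", re.compile(
        r'(?:getParameter\s*\(|QueryString\s*\[|Request\s*\[)\s*"debug\w*"', re.I)),
]

def scan(source, filename):
    """Return (filename, line_number, rule_name) for every matching code line."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):   # skip whole-line comments
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((filename, number, name))
    return findings

# Constructed sample sources (not from any real project).
JAVA_SAMPLE = """\
public class AccountServlet extends HttpServlet {
  protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
    if ("1".equals(req.getParameter("debug"))) { grantSession(req); return; }
    validateToken(req.getParameter("token"));
  }
  // public static void main(String[] args) { oldHarness(); }
  public static void main(String[] args) { new AccountServlet().selfTest(); }
}
"""
CSHARP_SAMPLE = """\
public class AccountController : Controller {
  public ActionResult Authenticate(string token) {
    if (Request.QueryString["debug"] == "1") return Grant();
    return Validate(token) ? Grant() : Deny();
  }
  static int Main(string[] args) { return 0; }
}
"""

if __name__ == "__main__":
    samples = (("AccountServlet.java", JAVA_SAMPLE), ("AccountController.cs", CSHARP_SAMPLE))
    for name, text in samples:
        for finding in scan(text, name):
            print("%s:%d: %s" % finding)
```

Each hit is a candidate for review and removal from the release build; a parameter bound some other way (for example as a controller action argument) is not covered by these patterns.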

In Java, the main method takes the following form:


// Process entry point left in web application code (Java)
public static void main(String[] args) {
  //...
}

