Session Race Conditions and Session Puzzling: Now Simplified
A few months ago I published a paper about Session Puzzling, a new application-level attack vector of critical severity and numerous uses, but for some bizarre reason, most of the responses I got were that the attack was too complicated to comprehend all at once.
Temporal Session Race Conditions (TSRC) is another new application-level vulnerability (presented on September 15, 2011, at a local OWASP chapter meeting) that extends the capabilities of session puzzling, enables the exploitation of race conditions without relying on natural latency, and provides a new purpose for application denial of service attacks.
The attack generally extends the lifespan of temporary session variables (session calculations and assignments that normally live for only milliseconds) by increasing the latency of the lines of code that follow them, through the use of denial of service attacks targeted at a specific layer (for example, the connection pool or the regular expression engine).
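The code pattern TSRC depends on, shown as an added example (not code from the post or from the training kit it describes): a login handler that writes an identity into the session before its checks finish, beside a hardened version that publishes a single final state. The slow step is modelled with a hook so the temporary window can be inspected deterministically instead of racing real threads; the user store and all function names are constructed for illustration.

```python
from typing import Callable, Dict, Optional

Session = Dict[str, object]
USERS = {"alice": "correct-horse"}  # constructed sample credential store

def vulnerable_login(session: Session, user: str, password: str,
                     during_slow_step: Callable[[Session], None]) -> bool:
    # Premature session population: the identity is stored first and only
    # removed again if the later check fails. Between those two lines the
    # session temporarily looks authenticated. Anything that inflates the
    # latency of the slow step widens that window, which is the TSRC angle.
    session["auth_user"] = user
    during_slow_step(session)  # stands in for a slow verification or lookup
    if USERS.get(user) != password:
        session.pop("auth_user", None)
        return False
    return True

def hardened_login(session: Session, user: str, password: str,
                   during_slow_step: Callable[[Session], None]) -> bool:
    # Decide locally, then write one final state to the session. No
    # intermediate value is ever visible to a concurrent request.
    during_slow_step(session)
    if USERS.get(user) != password:
        return False
    session["auth_user"] = user
    return True

def observed_identity(login, user: str, password: str) -> Optional[str]:
    """Run a login and report what a concurrent request would have seen in
    the session while the slow step was in progress (None: nothing leaked)."""
    seen: Dict[str, object] = {}

    def snapshot(s: Session) -> None:
        seen["auth_user"] = s.get("auth_user")

    login({}, user, password, snapshot)
    return seen.get("auth_user")  # type: ignore[return-value]

if __name__ == "__main__":
    # A failed login still exposes the identity mid-request in the vulnerable handler.
    print("vulnerable:", observed_identity(vulnerable_login, "alice", "wrong"))  # alice
    print("hardened:  ", observed_identity(hardened_login, "alice", "wrong"))    # None
```

In a code review, the thing to flag is any session write that a later line may undo; the fix is to compute the outcome first and assign the session variable exactly once.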
This time I have created several demonstration movies in order to properly explain the exposures (the new TSRC exposure and Session Puzzling), and in addition published a presentation, a test-assisting tool and a new version of the training kit.
The following movies demonstrate a few simple TSRC attacks:
Exploiting Temporal Session Race Conditions via Connection Pool Consumption:
http://www.youtube.com/watch?v=woWECWwrsSk
Exploiting Temporal Session Race Conditions via RegEx DoS:
http://www.youtube.com/watch?v=3k_eJ1bcCro
The following short movies demonstrate a few simple session puzzling sequences:
Authentication Bypass via Session Puzzling (Abusing common session variables):
http://www.youtube.com/watch?v=-DackF8HsIE
User Impersonation via Session Puzzling (Abusing common session variables):
http://www.youtube.com/watch?v=ikIyInm0wAg
Session Puzzling via Redirection Prevention (Abusing Premature Session Population):
http://www.youtube.com/watch?v=iTcOooHbgog
Bypassing Restrictions in Multiphase Processes via Session Puzzling (Abusing Common Session Flags):
http://www.youtube.com/watch?v=HeP54b52IeQ
Source: http://sectooladdict.blogspot.com
thx to Shay Chen @sectooladdict