Escolar Documentos
Profissional Documentos
Cultura Documentos
Introduction
When 1 interface is used to attack the other interface.
CIA Characteristics
Exploits the default nature of FTP /Telnet Protocol
Admin interfaces : { Web, FTP, Telnet} Logging module running as root DOM and HTML rendered as dynamic content Attacks are persistent in nature Hardware devices firewalls, disk stations, management systems etc.
Web Interface
Web Interface
THREATS
Information Stealing
Sample code
THREATS
Cookie Stealing
THREATS
Malware Infections - Executing payloads to conduct Drive by Download Attacks
Sample code
THREATS
THREATS
CSRF
DEFENSE
A whitelist approach should be followed at the protocol level to reduce the impact of exploitation. The error reporting mechanism should be used in conjunction with the FTP authentication module to restrict the acceptance of malicious input through login consoles. The logging process should not run as administrator or root user. The logs should be rendered in a customized format which does not allow DOM and HTML elements to get rendered as dynamic content. The content should be sniffed to avoid the usage of malicious input thereby defining the Content-Type appropriately.
???????
References
http://www.google.co.in/search?q=http%3A%2F%2Fmilw0rm.com %2Fexploits%2F6476&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:enUS:official&client=firefox-a#sclient=psy-ab&hl=en&client=firefoxa&rls=org.mozilla:enUS%3Aofficial&source=hp&q=cross+interface+attack&pbx=1&oq=cr oss+interface+attack&aq=f&aqi=&aql=&gs_sm=e&gs_upl=37279l38 938l11l40023l2l2l0l0l0l0l268l492l22l2l0&bav=on.2,or.r_gc.r_pw.&fp=a0ba24de15e40bac&biw=1366& bih=558 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2453 http://www.securityfocus.com/archive/1/archive/1/513970/100/0/ threaded