RxHarun

Repudiation Attack

Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist Dr. Harun Ar Rashid, MD - Arthritis, Bones, Joints Pain, Trauma, and Internal Medicine Specialist
0 Views
Rx iT World Hacking Tutorial

A repudiation attack happens when an application or system does not adopt controls to properly track and log users’ actions, thus permitting malicious manipulation or forging the identification of new actions. This attack can be used to change the authoring information of actions executed by a malicious user in order to log wrong data to log files. Its usage can be extended to general data manipulation in the name of others, in a similar manner as spoofing mail messages. If this attack takes place, the data stored on log files can be considered invalid or misleading.

Risk Factors

TBD

Examples

Consider a web application that makes access control and authorization based on JSESSIONID, but registers user actions based on a user parameter defined on the Cookie header, as follows:

 POST http://someserver/Upload_file.jsp HTTP/1.1  Host: tequila:8443  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4  Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5  Accept-Language: en-us,en;q=0.5  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7  Keep-Alive: 300  Connection: keep-alive  Referer: http://someserver/uploads.jsp  Cookie:`` ``JSESSIONID=EE3BD1E764CD6EED280426128201131C;`` ``user=leonardo  Content-Type: multipart/form-data; boundary=---------------------------263152394310685  Content-Length: 321

And the log file is composed by:

Date, Time, Source IP, Source port, Request, User

Once user information is acquired from user parameter on HTTP header, a malicious user could make use of a local proxy (eg:paros) and change it by a known or unknown username.

You Might Also Like This Posts:

  1. Parameter Delimiter Attack This attack is based on the manipulation of parameter delimiters used by web application input vectors in order to cause unexpected behaviors like access control and authorization bypass and information disclosure, among others. Risk Factors TBD Examples In order to illustrate this vulnerability, we will use a vulnerability found on Poster V2, a posting system […]...
  2. DOM Based XSS Attack DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page […]...
  3. Function Injection Attack A Function Injection attack consists of insertion or “injection” of a function name from client to the application. A successful function injection exploit can execute any built-in or user defined function. Function injection attacks are a type of injection attack, in which arbitrary function names, in sometimes with parameters are injected into the application and executed. If […]...
  4. Content spoofing, Content Injection Content spoofing, also referred to as content injection, “arbitrary text injection” or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value, that is […]...
  5. Manipulator-in-the Middle Attack (MITM) The Manipulator-in-the middle attack (MITM) intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and […]...
  6. Man-in-the-Browser Attack The Man-in-the-Browser attack is the same approach as Manipulator-in-the-middle attack, but in this case a Trojan Horse is used to intercept and manipulate calls between the main application’s executable (ex: the browser) and its security mechanisms or libraries on-the-fly. The most common objective of this attack is to cause financial fraud by manipulating transactions of Internet Banking systems, […]...
  7. Forced Browsing Attack Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible. An attacker can use Brute Force techniques to search for unlinked contents in the domain directory, such as temporary directories and files, and old backup and configuration files. These resources may store […]...
  8. Buffer Overflow Attack  This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables. The following conditions must be met to conduct successful attack: The application uses environment […]...
  9. HTTP Response Splitting HTTP response splitting occurs when: Data enters a web application through an untrusted source, most frequently an HTTP request. The data is included in an HTTP response header sent to a web user without being validated for malicious characters. HTTP response splitting is a means to an end, not an end in itself. At its […]...
  10. Password Spraying Brute Force Attack Password spraying is a type of brute force attack. In this attack, an attacker will brute force logins based on list of usernames with default passwords on the application. For example, an attacker will use one password (say, Secure@123) against many different accounts on the application to avoid account lockouts that would normally occur when brute […]...

To Get Daily Health Newsletter

We don’t spam! Read our privacy policy for more info.

Terms and Conditions of Use
Privacy Policy
Cookie Policy
Editorial Policy
Advertising Policy
EU User Consent Policy
Correction Policy
Citation Policy
Ethics and Logical Policies
About Us
Contact Us
Newsletter
Career
Sitemap
Advertise with us
Editorial Board Members
Review Board Member
Team RxHarun
Web Developers Team
Guest Posts and Sponsored Posts
Request for Board Member
Women Writers
Download Mobile Apps
Follow us on Social Media
© 2012 - 2025; All rights reserved by authors. Powered by Mediarx International LTD, a subsidiary company of Rx Foundation.
RxHarun
Logo