Assuming the connections are all SSL protected, exploiting any of these inclusions
requires compromising the server from which the inclusions are sent (of course, non-SSL
protected HTTP connections have no privacy, integrity, or source guarantees).
The examples shown in this case study are probably difficult to compromise. Although
these companies may have risky inclusion practices, they also have good
reputations for protecting their own infrastructures. Still, nobody is perfect. Less savvy
organizations, such as those that have not invested in the security of their web products,
may frequently be exposing users to harmful attackers.
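To see how far a page's trust extends, inventory the hosts it pulls scripts from. The following is an added example, not code from the book: it lists every cross-origin script inclusion in a page and flags those fetched without TLS. It also flags those without a Subresource Integrity `integrity` attribute, a browser mitigation the text above does not cover. The page URL, HTML and host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input; every host name here is a placeholder.
SAMPLE_PAGE_URL = "https://news.example/front"
SAMPLE_HTML = """
<html><head>
<script src="/static/site.js"></script>
<script src="https://widgets.partner.example/ticker.js"></script>
<script src="http://ads.thirdparty.example/show.js"></script>
<script src="//cdn.other.example/lib.js" integrity="sha384-PLACEHOLDER"
        crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head></html>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], bool(a.get("integrity"))))

def audit_inclusions(page_url, html):
    """Return one finding per script served from a different origin."""
    page = urlsplit(page_url)
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, pinned in collector.scripts:
        target = urlsplit(urljoin(page_url, src))  # resolves relative and // URLs
        if target.scheme not in ("http", "https"):
            continue  # data:, blob: and similar are not remote inclusions
        if (target.scheme, target.netloc) == (page.scheme, page.netloc):
            continue  # same origin: no additional server to trust
        issues = []
        if target.scheme != "https":
            issues.append("no-tls")    # no privacy, integrity or source guarantee
        if not pinned:
            issues.append("unpinned")  # whatever that host serves runs in the page
        findings.append({"host": target.hostname, "url": target.geturl(),
                         "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit_inclusions(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f["host"], f["issues"] or "ok")
```

Each host in the output is a server whose compromise would put script into the including page, which is the exposure described above.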
For example, consider this attack from a compromised third-party site that supplies
information to other sites, such as news pages. (For these examples, the vulnerable site is
the site that makes the mistake of including a script from some host compromised by the attacker.)
1. An attacker creates a script that sends the victim's cookie used on the
vulnerable site (and the name of that site) to the attacker. This would allow the
attacker to hijack the victim's session.
2. The attacker then loads the Browser Exploitation Framework (BeEF at www
.