In this example, an attacker could simply set the HTTP Referer header to www.example.com/login.jsp and then directly request www.example.com/protected/index.jsp. When the application checks the Referer header it will see the login page and incorrectly assume that the attacker is a legitimately authenticated user. The Referer header is supplied by the client, so the attacker can give it any value; its presence proves neither that the login page was visited nor that a login succeeded, and legitimate browsers may omit it altogether.
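The bypass described above, as an added example that is not code from the book: a vulnerable "came from the login page" check beside a check that uses a server-side session. The session store, session id and cookie name JSESSIONID are constructed for the demo and are assumptions, not details of any application in the text.

```python
import urllib.request
from http.cookies import SimpleCookie

LOGIN_URL = "http://www.example.com/login.jsp"
PROTECTED_URL = "http://www.example.com/protected/index.jsp"

# Constructed server-side session store (assumption, not from the book):
# session id -> authenticated user. Only the server can add entries to it.
SESSIONS = {"c0ffee1234": "alice"}


def forged_request(url):
    """What the attacker sends: a direct request for the protected page with
    a Referer header claiming it was reached from the login page."""
    req = urllib.request.Request(url)
    req.add_header("Referer", LOGIN_URL)
    return req


def referer_check_allows(headers):
    """Vulnerable check from the text: 'came from the login page' is taken
    to mean 'is logged in'. The value is entirely under client control."""
    return headers.get("Referer", "") == LOGIN_URL


def session_check_allows(headers, sessions=SESSIONS):
    """Hardened check: authentication state lives in a server-side session;
    the client only presents an unguessable session id in a cookie."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    if "JSESSIONID" not in jar:
        return False
    return jar["JSESSIONID"].value in sessions


def attacker_headers():
    """Header dict as the server would see it for the forged request."""
    return dict(forged_request(PROTECTED_URL).header_items())


# A real, logged-in user: has a session cookie and may send no Referer at all
# (typed URL, bookmark, or a browser configured to strip the header).
LEGIT_HEADERS = {"Cookie": "JSESSIONID=c0ffee1234"}

if __name__ == "__main__":
    print("referer check, attacker :", referer_check_allows(attacker_headers()))  # True
    print("session check, attacker :", session_check_allows(attacker_headers()))  # False
    print("referer check, user     :", referer_check_allows(LEGIT_HEADERS))        # False
    print("session check, user     :", session_check_allows(LEGIT_HEADERS))        # True
```

The Referer check fails in both directions: the attacker with no account passes it, and the genuine user who arrives without a Referer is turned away. The session check is not a complete authorization design on its own, but it at least ties access to state the client cannot forge.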
Example
The following is an example showing how to use the Web Developer extension for Firefox to expose and manipulate hidden form fields in a web application.
1. Install the free Web Developer Firefox add-on, available at http://chrispederick.com/work/webdeveloper/. This tool allows an attacker to perform numerous actions on a web application; however, in this example only the forms functionality will be used.
2. Expose hidden fields by right-clicking anywhere in the page and choosing Web Developer | Forms | Display Form Details.
Chapter 6: AJAX Types, Discovery, and Parameter Manipulation 161
3. The hidden fields are now exposed. Note how the field Secret Hidden Field has appeared and contains the value Hidden Text.
162 Hacking Exposed Web 2.0
4. The Hidden Text value can now be edited to anything the attacker desires, such as Manipulated Text.
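The same procedure done without the browser, as an added example that is not code from the book: enumerate the hidden fields of a form (what Display Form Details shows), resubmit the form with the hidden value changed, and check how a server that signs its hidden values detects the change. The form markup, the field names secret and secret_sig, and the signing key are constructed for the demo and are assumptions, not the book's sample application.

```python
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Server-side signing key (constructed for this demo; in practice a secret the
# application generates and never places in the page).
SERVER_KEY = b"constructed-demo-key-not-for-real-use"


def sign_hidden(value):
    """HMAC tag the server attaches to a hidden value when rendering the form."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


# Constructed page (assumption): one visible field, one hidden field the
# server relies on, and the signature the server emitted for it.
FORM_HTML = f"""
<form action="/submit" method="post">
  <input type="text" name="username" value="">
  <input type="hidden" name="secret" value="Hidden Text">
  <input type="hidden" name="secret_sig" value="{sign_hidden('Hidden Text')}">
  <input type="submit" value="Go">
</form>
"""


class HiddenFieldFinder(HTMLParser):
    """Lists hidden inputs, which is all Display Form Details does for the attacker."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if a.get("type", "text").lower() == "hidden" and a.get("name"):
            self.hidden[a["name"]] = a.get("value") or ""


def find_hidden_fields(html):
    parser = HiddenFieldFinder()
    parser.feed(html)
    return parser.hidden


def craft_post_body(fields, overrides):
    """Attacker's submission: the form's fields with any values rewritten.
    Hidden fields are just more parameters in the request body."""
    data = dict(fields)
    data.update(overrides)
    return urlencode(data)


def server_accepts(body):
    """Server-side check: the hidden value is trusted only if its tag verifies."""
    params = parse_qs(body, keep_blank_values=True)
    secret = params.get("secret", [""])[0]
    tag = params.get("secret_sig", [""])[0]
    return hmac.compare_digest(tag, sign_hidden(secret))


if __name__ == "__main__":
    hidden = find_hidden_fields(FORM_HTML)
    print("hidden fields:", hidden)
    honest = craft_post_body(hidden, {"username": "alice"})
    tampered = craft_post_body(hidden, {"username": "alice", "secret": "Manipulated Text"})
    print("honest accepted:", server_accepts(honest))      # True
    print("tampered accepted:", server_accepts(tampered))  # False
```

The tag only detects modification of the value it covers; an attacker can still replay a different valid value-and-tag pair unless the tag also binds the session. For anything the client must never be able to choose, the cleaner fix is to keep the value in the server-side session and not put it in the page at all.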