to inspect applications manually for any important parameters that are editable by the
attacker. Since parameter manipulation attacks rely on attacking logic rather than any
particular technology, they will continue to be a source of attacks against web applications
for some time to come.
Unintended Exposure
Popularity: 3
Simplicity: 6
Impact: 4
Risk Rating: 4
Unintended exposure is an interesting issue that can crop up when an application
is migrated from a traditional Web 1.0 application into an AJAX application. This issue
occurs during a migration due to the shift in how clients are informed of server
functionality.
In traditional Web 1.0 applications, developers sometimes build in backdoor functionality
that allows them to make changes to the production version of the application.
This is often done because developers are not given access to production systems, but are
held responsible for fixing bugs on them. Access to such a backdoor is often granted
through a hidden method built into the application, which developers can call to grant
themselves administrator privileges. For an attacker, finding a backdoor such as
this in a Web 1.0 application is nearly impossible.
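
A release check for this exposure, as an added example that is not code from the book: it lists every server method a client-side script names and flags any that were never approved for browser use. It assumes a hypothetical AJAX framework whose generated proxy script calls an invoke() helper with a "Service.method" string; the proxy format, the service and method names, and the allowlist are all constructed for illustration.

```javascript
// Constructed sample: the kind of client-side proxy script an AJAX framework
// might generate. The format and every name in it are hypothetical.
const SAMPLE_PROXY = `
var AccountService = {
  getBalance: function (id, cb) { return invoke("AccountService.getBalance", [id], cb); },
  listTransfers: function (id, cb) { return invoke("AccountService.listTransfers", [id], cb); },
  makeMeAdmin: function (user, cb) { return invoke("AccountService.makeMeAdmin", [user], cb); }
};
var ProfileService = {
  updateEmail: function (e, cb) { return invoke('ProfileService.updateEmail', [e], cb); }
};
`;

// Methods the team intends browsers to call (assumed release allowlist).
const APPROVED = new Set([
  "AccountService.getBalance",
  "AccountService.listTransfers",
  "ProfileService.updateEmail",
]);

// Collect every "Service.method" name passed to the hypothetical invoke() helper.
function advertisedMethods(proxySource) {
  const pattern = /\binvoke\(\s*["']([A-Za-z_$][\w$]*\.[A-Za-z_$][\w$]*)["']/g;
  const found = new Set();
  for (const match of proxySource.matchAll(pattern)) {
    found.add(match[1]);
  }
  return [...found].sort();
}

// Compare what the client is told about against what was approved.
function auditProxy(proxySource, approved) {
  const advertised = advertisedMethods(proxySource);
  return {
    advertised,
    // Named in the client script but never approved: review before release.
    unapproved: advertised.filter((name) => !approved.has(name)),
    // Approved but no longer named by the proxy: a stale allowlist entry.
    missing: [...approved].filter((name) => !advertised.includes(name)).sort(),
  };
}

const report = auditProxy(SAMPLE_PROXY, APPROVED);
if (report.unapproved.length > 0) {
  console.log("Unapproved methods advertised to clients:", report.unapproved);
}
```

A flagged method still needs a server-side authorization check; removing its name from the client script does not make it uncallable.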