A successful attack requires launching
a brute-force attack against all possible method names until the backdoor method is
found, and then brute-forcing the required arguments to the method.

When a traditional web application is upgraded to add AJAX functionality, methods
that were previously hidden can sometimes be exposed. Often, this is because, in an effort
to make a program work, all methods in the application are tagged as public. Buried
in the chunk of JavaScript that is now sent down to the client, the backdoor function will
be listed among all the other methods. For this reason, attackers can uncover these methods
by manually inspecting all methods found when performing method discovery
against a target application. Often, backdoor methods will be obviously named and easily
found. As shown in Figure 6-4, once an attacker obtains a list of methods from the
application, the list can be carefully examined for any methods that appear to have been
unintentionally exposed.

In addition to hidden methods, hidden URLs may be exposed during a Web 1.0 to
AJAX transition. Like hidden methods, the exposure of hidden URLs is due primarily to
developers not fully understanding what is now exposed in the JavaScript sent down to
a client.
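
A pre-release check for the exposure described above, as an added example that is not from the original text: it scans the JavaScript sent to the client and reports any method or URL name missing from an allowlist. The proxy format, the `invoke` helper, and every service, method and URL name here are constructed assumptions, not the output of a specific framework.

```javascript
// Constructed sample of a generated client-side proxy script (assumed format:
// each remote method is invoked through a "Service.method" string literal).
const SAMPLE_PROXY = `
var AccountService = {
  getBalance: function (id, cb) { return invoke("AccountService.getBalance", [id], cb); },
  listOrders: function (id, cb) { return invoke("AccountService.listOrders", [id], cb); },
  debugSetBalance: function (id, amt, cb) { return invoke("AccountService.debugSetBalance", [id, amt], cb); }
};
var endpoints = ["/ajax/account", "/admin/maintenance.jsp"];
`;

// Methods and URLs the team intends to be reachable from the browser (hypothetical).
const ALLOWED_METHODS = new Set(["AccountService.getBalance", "AccountService.listOrders"]);
const ALLOWED_URLS = new Set(["/ajax/account"]);

// Collect every "Service.method" string literal found in the client script.
function exposedMethods(js) {
  const found = new Set();
  for (const m of js.matchAll(/["']([A-Za-z_$][\w$]*\.[A-Za-z_$][\w$]*)["']/g)) {
    found.add(m[1]);
  }
  return [...found].sort();
}

// Collect every root-relative URL string literal found in the client script.
function exposedUrls(js) {
  const found = new Set();
  for (const m of js.matchAll(/["'](\/[\w\-./]*)["']/g)) {
    found.add(m[1]);
  }
  return [...found].sort();
}

// Report anything shipped to the client that is not on the allowlists.
function auditClientScript(js, allowedMethods, allowedUrls) {
  return {
    unexpectedMethods: exposedMethods(js).filter((name) => !allowedMethods.has(name)),
    unexpectedUrls: exposedUrls(js).filter((url) => !allowedUrls.has(url)),
  };
}

const report = auditClientScript(SAMPLE_PROXY, ALLOWED_METHODS, ALLOWED_URLS);
console.log(JSON.stringify(report, null, 2));
```

Anything the audit reports should be removed from the client script and, more importantly, protected or removed on the server, since hiding a name does not stop it from being called.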