HTTP exploits involve using the Web server application to perform malicious activities. These attacks are very common and are growing in popularity because firewalls typically block most traffic from the Internet to keep it away from corporate servers. However, HTTP traffic, used for Web browsing, is almost always allowed to pass through firewalls unhindered.
Thus, attackers have a direct line to the Web server. If they can coerce the Web server into performing malicious activities, they can access resources that would otherwise be unavailable.
New HTTP exploits appear quite frequently. Some recent exploits include the Unicode directory traversal exploit and the double hex encoding exploit. Directory traversal exploits use strings like “../../../” to access directories outside the normal webroot directory where Web content is stored. Since most Web servers will block URLs that contain “../”, attackers circumvent this protection by using special Unicode/hexadecimal encodings to represent the “../” pattern.
By typing a properly crafted attack string into a Web browser, attackers can access other directories on the Web server. These other directories may contain confidential information, passwords, or other sensitive files. By using an HTTP exploit, attackers can access these files easily through a standard Web browser.
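The defensive lesson in the two paragraphs above is that a path filter which looks for “../” in the raw URL is defeated by single and double percent-encoding and by non-standard Unicode encodings. The following is an added example, not code from the original post: a request-path normaliser that percent-decodes until the string stops changing (bounded, so nested encodings cannot loop), insists on strict UTF-8 (overlong “Unicode” forms of “.” and “/” fail this check and are rejected rather than guessed at), and only then looks for “..” segments and pins the result under the document root. The document root, the request samples and the verdict names are constructed for illustration.

```python
"""Normalise HTTP request paths before checking them for directory traversal.

Added example, not part of the original post. DOCROOT and the sample
requests below are constructed for illustration.
"""
from __future__ import annotations

import posixpath
from urllib.parse import unquote_to_bytes

DOCROOT = "/var/www/html"   # constructed example document root
MAX_DECODE_ROUNDS = 3       # bound the loop so "%2525..." cannot nest forever


def decode_fully(raw_path: str) -> str | None:
    """Percent-decode until the string is stable, then require strict UTF-8.

    Returns the decoded path, or None when the input is malformed: it still
    changes after MAX_DECODE_ROUNDS, or it decodes to bytes that are not
    valid UTF-8 (strict decoding rejects the overlong sequences that the
    Unicode traversal exploits relied on).
    """
    current = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        try:
            decoded = unquote_to_bytes(current).decode("utf-8")
        except UnicodeDecodeError:
            return None
        if decoded == current:
            return current
        current = decoded
    return None  # still changing after the limit: treat as hostile


def resolve_request(raw_path: str, docroot: str = DOCROOT) -> tuple[str, str | None]:
    """Classify a request path as "ok", "traversal" or "malformed".

    The second element is the filesystem path to serve, set only for "ok".
    """
    decoded = decode_fully(raw_path)
    if decoded is None:
        return ("malformed", None)
    # Drop the query string; only the path component is mapped to disk.
    decoded = decoded.split("?", 1)[0]
    # Windows servers accept backslashes as separators, so treat them alike.
    decoded = decoded.replace("\\", "/")
    # Any ".." segment is a traversal attempt, even one that normalisation
    # would cancel out ("/a/../b"): legitimate content never needs it.
    if ".." in decoded.split("/"):
        return ("traversal", None)
    # Collapse "." segments and repeated slashes, then pin under docroot.
    normalised = posixpath.normpath("/" + decoded.lstrip("/"))
    target = posixpath.join(docroot, normalised.lstrip("/"))
    if not (target == docroot or target.startswith(docroot + "/")):
        return ("traversal", None)
    return ("ok", target)


# Constructed request paths of the kinds discussed in the text.
SAMPLE_REQUESTS = [
    "/index.html",                        # benign
    "/docs/./readme.txt",                 # benign, needs normalising
    "/images/../../etc/passwd",           # plain traversal
    "/%2e%2e/%2e%2e/etc/passwd",          # single hex encoding of ".."
    "/%252e%252e/etc/passwd",             # double hex encoding of ".."
    "/%ff/index.html",                    # not valid UTF-8: rejected, not guessed
]


def scan_requests(paths: list[str]) -> list[str]:
    """Return the verdict for each request path, in order."""
    return [resolve_request(p)[0] for p in paths]


if __name__ == "__main__":
    for path, verdict in zip(SAMPLE_REQUESTS, scan_requests(SAMPLE_REQUESTS)):
        print(f"{verdict:10} {path}")
```

The order of operations matters: decoding must finish before the “..” check runs, and the check must run on segments rather than on the raw string, so that an encoding the filter did not anticipate cannot slip past it. Anything that is still ambiguous after decoding (invalid UTF-8, excessive nesting) is refused outright instead of being interpreted.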
Other HTTP exploits allow attackers to execute programs, alter system information, access registry keys, and perform other malicious activities.