As an example of cross-site scripting in Ajax, the Yamanner worm exploits a cross-site scripting vulnerability in Yahoo Mail's Ajax code, and the Samy worm exploits a cross-site scripting vulnerability in Myspace.com.
2. XML poisoning: attackers can mount DoS attacks by replicating nodes, or generate invalid XML to interrupt the server's logic. Attackers can also manipulate external entities to open arbitrary files or TCP connection ports. Poisoning the XML data definition can also change the running process, helping attackers obtain confidential information.
3. Malicious Ajax code execution: attackers can run malicious Ajax code without the user's knowledge. If the user logs on to a confidential website, that website returns a session cookie; the user then visits the attacker's website without logging out of the confidential website. The Ajax code on the attacker's web page can (through this session cookie?) access web pages on the confidential website and steal the user's confidential information. (Note: the explanation here is a bit vague. Theoretically, the browser will not pass the session cookie of one website to another website; that is, the sentence "when the browser makes an Ajax call to any Web site It replays cookies for each request." is not completely correct.)
4. RSS/Atom injection: attackers can inject JavaScript into RSS feeds. If these scripts are not filtered out on the server side, problems occur on the browser side.
5. WSDL scanning and enumeration: WSDL exposes the technology used by a web service, as well as its exposed methods, invocation patterns, and other information. If the web service does not disable unnecessary methods, attackers can use a WSDL scan to find potential attack points.
6. Client-side data validation in Ajax code: if the developer relies only on client-side validation and does not re-validate on the server side, the result is SQL injection, LDAP injection, and so on.
7. Web service routing problems: the web service security protocol uses WS-Routing. If any intermediate station is compromised, SOAP messages can be intercepted.
8. Parameter manipulation of SOAP messages is similar to SQL injection if the node data in the SOAP message is not validated.
9. XPath injection in SOAP messages is similar to SQL injection if the data is not validated and is fed directly into an XPath query.
10. Manipulation of the binary files of fat RIA clients: because the components of rich Internet applications are downloaded to the local browser, attackers can reverse engineer the binary, decompile the code, modify the file, and bypass the authentication logic.
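A hardened parser for untrusted XML, added here as an example (not from the original article) for the XML poisoning problem in item 2: it refuses DOCTYPE and entity declarations (internal entities enable expansion DoS, external ones open files or TCP connections), caps the element count and nesting depth against replicated-node DoS, and treats malformed XML as a rejection rather than letting it interrupt server logic. It uses only Python's standard expat bindings; the limits, the `parse_untrusted_xml` and `is_rejected` names and the sample documents are this example's own constructions.

```python
import xml.parsers.expat
# Limits for untrusted input (values chosen for this example; tune per application).
MAX_ELEMENTS = 1000   # guards against DoS by replicated nodes
MAX_DEPTH = 32        # guards against deeply nested documents

class XmlPoisoningError(ValueError):
    """Raised when an untrusted document uses a feature the parser refuses."""

def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML into a plain dict tree, refusing DOCTYPEs, entities and oversized trees."""
    parser = xml.parsers.expat.ParserCreate()
    # Never fetch external parameter entities (DTDs from file:// or http://).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    root = {"tag": None, "attrs": {}, "text": "", "children": []}
    stack = [root]
    count = 0

    def reject(*_args):
        # Any DOCTYPE or entity declaration is refused: internal entities enable
        # expansion DoS, SYSTEM entities read files or open network connections.
        raise XmlPoisoningError("DOCTYPE and entity declarations are not accepted")

    def start(name, attrs):
        nonlocal count
        count += 1
        if count > MAX_ELEMENTS or len(stack) > MAX_DEPTH:
            raise XmlPoisoningError("document exceeds element or nesting limit")
        node = {"tag": name, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def chars(text):
        stack[-1]["text"] += text

    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = lambda *_a: 0   # refuse resolution if ever reached
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda _name: stack.pop()
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return root["children"][0]

def is_rejected(data: bytes) -> bool:
    """True when the document is refused as poisoned or is not well-formed XML."""
    try:
        parse_untrusted_xml(data)
    except (xml.parsers.expat.ExpatError, XmlPoisoningError):
        return True
    return False
```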