
Attacks on Large Modern Web Applications

This work is based on practical security audits of real-world web applications. It shows how a general approach can be applied to the study of large distributed web projects, and provides statistics on the various subdomains that host test versions of web applications (test.*, dev.*, and so on). The paper presents a method for discovering relationships between subdomains by analysing their crossdomain.xml files; a tool for collecting and analysing this data will be presented as well. It shows examples of XSS (Cross-Site Scripting) attacks on domains linked through crossdomain.xml when only one of them has a classic XSS vector (stored or reflected). In addition to client-side attacks, the talk shares the results of a study of cookie handling in modern browsers and gives examples of HTTP header injections that can be used to obtain data from one domain and transfer it to another. We also consider SSRF (Server Side Request Forgery) attacks in terms of their practical applicability for gaining access and escalating privileges, and examine SSRF vulnerabilities that build on other common vulnerabilities such as XXE (XML External Entity), RFI (Remote File Inclusion), LFR (Local File Reading) and others. Real attacks on the web application's internal network (back-ends, database servers, etc.) via SSRF vulnerabilities will be considered, and their results shown. The report will also present the attacks that helped to win the «Yandex's Month of Security Bugs» competition.
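The crossdomain.xml analysis described above, as an added example that is not the presenters' tool: it parses policies (constructed samples here; in an audit they would be fetched from each host's /crossdomain.xml), builds the trust graph between subdomains, and flags the entries a reviewer should look at first. The host names are placeholders.

```python
# Added example, not the talk's tool: parse crossdomain.xml policies, build the
# "who trusts whom" graph between subdomains, and flag entries worth reviewing.
import xml.etree.ElementTree as ET

# Constructed sample policies, keyed by the host that would serve /crossdomain.xml.
SAMPLE_POLICIES = {
    "www.example.test": """<cross-domain-policy>
  <allow-access-from domain="*.example.test"/>
  <allow-access-from domain="static.example.test" secure="false"/>
</cross-domain-policy>""",
    "api.example.test": """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>""",
    "dev.example.test": """<cross-domain-policy>
  <allow-access-from domain="www.example.test"/>
</cross-domain-policy>""",
}


def parse_policy(xml_text: str) -> list[dict]:
    """Return each <allow-access-from> as {"domain": str, "secure": bool}."""
    root = ET.fromstring(xml_text)  # prefer defusedxml when parsing untrusted input
    return [
        {"domain": n.get("domain", ""),
         # secure defaults to true for policies served over HTTPS
         "secure": n.get("secure", "true").lower() != "false"}
        for n in root.iter("allow-access-from")
    ]


def trust_graph(policies: dict[str, str]) -> dict[str, set[str]]:
    """Map policy host -> set of domains it grants cross-domain access to."""
    return {h: {e["domain"] for e in parse_policy(x)} for h, x in policies.items()}


def risky_entries(policies: dict[str, str]) -> list[str]:
    """Flag the entries an audit should review first."""
    findings = []
    for host, xml in policies.items():
        for e in parse_policy(xml):
            d = e["domain"]
            if d == "*":
                findings.append(f"{host}: trusts any domain")
            elif d.startswith("*."):
                findings.append(f"{host}: wildcard {d}, an XSS on any matching subdomain reaches it")
            if not e["secure"]:
                findings.append(f"{host}: secure=false for {d}, plain-HTTP origins accepted")
    return findings
```

Calling `trust_graph(SAMPLE_POLICIES)` gives the edges to draw between subdomains; `risky_entries(SAMPLE_POLICIES)` lists the wildcard and secure=false grants that widen the reach of a single XSS.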