This also gives hackers an opportunity to exploit these facts easily.
Here we are going to touch upon a few basic threats to Web Services:
1. WSDL SCANNING ATTACK:
WSDL is mainly used for advertising the interfaces and addresses of web services. These files are often created using utilities and are intentionally designed to expose the information available for a particular method.
So a hacker can get the very useful information s/he needs through simple Google queries :-)
Queries like:
filetype:WSDL company_name
index of /wsdl OR inurl:wsdl company_name
At first glance this seems fine, because it is important to publicize a web service so that it can be used in the appropriate places. But this is not the right way to expose services; that should happen through UDDI. Many times developers are not very careful about how they use the tools that generate WSDLs. Sometimes debugging information, which is never supposed to be accessible, ends up exposed and can be exploited in various ways.
Any information in a WSDL file may be a very helpful hint for a hacker, pointing to other functionality.
Consider a simple example where the WSDL describes an operation like GET_STOCK_PRICE, while there is also an unpublished operation like ACTUAL_STOCK. Unless authorization checks are applied, an attacker can guess functionality s/he is not supposed to know about.
2. PARAMETER TAMPERING
SQL Injections can be equally useful for attacking a web service.
Most often, web services are just another mechanism for accessing legacy code for some specific purpose. Out-of-range parameters, command injection and directory traversal are not mitigated just because data is transferred as XML. It is all about the way the code validates its input data.
Web services should validate the input data in the XML before using it. Strong typing of the XML does help, but the application must still be very careful about how it uses the data after proper validation.
3. XPATH Injections:
XPATH is a language used for querying XML, like SQL for databases. It uses expressions to select particular nodes and node-sets in an XML document.
To give some sense of XPATH, let's have a look at some of the expressions:
/ : This is used for selecting root node
// : For selecting nodes from the current node, wherever they are in the document
//Photographer : Select all Photographer Elements
Photographer//Name : Select all Name elements which are under the Photographer element
/Photographer/Name[1] : Select first name element which is child of the Photographer element
An XPATH Injection attack allows an attacker to inject malicious expressions as part of a valid SOAP request.
This can lead to unauthorized access or service denial problems.
4. Recursive Payload attacks:
XML has a concept of nesting to support complex relationships among elements. Nesting is a simple mechanism where one element lies under another. The element lying under another is called a child element or nested element.
Sometimes attackers create documents with 10000 or 100000 elements or attributes in an attempt to break a web service. This is called a Recursive Payload attack.
Most of the time, XML-based systems attempt to load the whole document before processing it. Most of these parsers work on pushdown automaton models: a map of the XML document is created to tell the parser what action to take when it discovers a particular element. If the XML schema allows nesting, the parser could find itself in a loop when facing a recursive payload attack. So the parser should have some mechanism to know which element was encountered at what point. These kinds of recursive attacks can consume a lot of memory or even crash the machine hosting all the web services.
5. Oversize Payload attack
As we know, XML is verbose by design, because it was created for humans to read and understand. But it is important for an XML parser to check the size of a file before processing it. Otherwise attackers can exploit the vulnerability in a web service by sending heavy XML files, probably gigabytes in size. Applications may sometimes be able to handle this, but it is very critical for applications where files are loaded into memory before processing.
6. External Entity attacks:
XML provides external entity references that allow data outside the main document to be imported. It does this by declaring an external reference as:
<!ENTITY name SYSTEM "URI">
so that an XML document can reuse existing data without having to make its own copy.
This particular attack refers to the condition where the external reference is not trusted. An attacker could provide malicious data which can initiate some unwanted action.
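The parser-side checks that sections 4, 5 and 6 call for can be combined in one streaming pre-check. The following is an added example, not code from the original post; it uses Python's standard expat binding, and the limit values and the names check_xml and RejectedXML are assumptions made for illustration.

```python
import xml.parsers.expat

# Limits are assumptions for illustration; tune them per service.
MAX_BYTES = 1_000_000   # oversize payload: total request size
MAX_DEPTH = 32          # recursive payload: nesting depth
MAX_NODES = 10_000      # recursive payload: elements plus attributes

class RejectedXML(Exception):
    """The request body broke one of the limits above."""

def check_xml(chunks):
    """Stream-parse an iterable of byte chunks; return the node count."""
    state = {"bytes": 0, "depth": 0, "nodes": 0}
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        state["depth"] += 1
        state["nodes"] += 1 + len(attrs)
        if state["depth"] > MAX_DEPTH:
            raise RejectedXML("nesting too deep")
        if state["nodes"] > MAX_NODES:
            raise RejectedXML("too many nodes")

    def end(name):
        state["depth"] -= 1

    def doctype(name, system_id, public_id, has_internal_subset):
        # No DTD means no <!ENTITY ...> declarations, internal or external.
        raise RejectedXML("DTD not allowed")

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        for chunk in chunks:
            state["bytes"] += len(chunk)
            if state["bytes"] > MAX_BYTES:  # checked before parsing the chunk
                raise RejectedXML("payload too large")
            parser.Parse(chunk, False)
        parser.Parse(b"", True)  # signal end of document
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return state["nodes"]

if __name__ == "__main__":
    # Constructed sample: 33 nested elements, one more than MAX_DEPTH.
    try:
        check_xml([b"<a>" * 33 + b"</a>" * 33])
    except RejectedXML as err:
        print("rejected:", err)
```

Because the body is consumed chunk by chunk, the size and depth limits trip before the whole document is ever held in memory.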