Definition:
“A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.”
Insecure Direct Object References represent flaws in system design where access to sensitive data is not fully protected.
Insecure Direct Object Reference is an attack in which an attacker who is an authenticated system user simply changes a parameter value that directly refers to a system object, so that it refers to another object instead.

Identifying this vulnerability is slightly more difficult with automation tools than other vulnerabilities, because to exploit it you need not only to identify the flawed interface but also to predict the pattern used to identify a protected object, such as a file name, user ID or customer ID.
Let’s imagine we have an ASP.NET webpage which is loaded once a user is authenticated to the system.

In this example, the user is a customer, and one of the functions available to them is the ability to view their customer details.

After clicking the button, the customer details are returned and written to the page.

Hitting the button again exposes the following information in Firebug.

Re-use the same request, but with a different customer ID.

With the new request now created, let’s hit the “Execute” button, then switch back to the Inspectors view in Fiddler and look at the response.

Now we can get a different customer’s details.
Protection:
• Avoid exposing private object references to users whenever possible, such as primary keys or filenames.
• Verify authorization to all referenced objects.
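As an added example, not code from the original post (whose example is an ASP.NET page), the Python below models the customer-details lookup described above: the unchecked lookup that yields another customer’s record beside the two protections listed, an ownership check on every referenced object and a per-session indirect reference map that keeps the primary key off the wire. The customer records, user names and function names are constructed for the illustration.

```python
import secrets

# Constructed sample data: customer primary keys and the user who owns each record.
CUSTOMERS = {
    1001: {"owner": "alice", "name": "Alice Smith", "card_last4": "4242"},
    1002: {"owner": "bob", "name": "Bob Jones", "card_last4": "1111"},
}


class Forbidden(Exception):
    """Raised when an authenticated user references an object they may not read."""


def get_customer_vulnerable(current_user, customer_id):
    # IDOR: the id taken from the request is used as-is, with no ownership check,
    # so changing the customer ID in the replayed request returns someone else's data.
    return CUSTOMERS[customer_id]


def get_customer_checked(current_user, customer_id):
    # Protection 2: verify authorization to the referenced object on every request.
    record = CUSTOMERS.get(customer_id)
    if record is None or record["owner"] != current_user:
        # Same outcome for "missing" and "not yours", so ids cannot be enumerated.
        raise Forbidden(f"{current_user} may not view customer {customer_id}")
    return record


class ReferenceMap:
    """Protection 1: hand the client per-session tokens instead of primary keys."""

    def __init__(self):
        self._token_to_key = {}

    def indirect(self, customer_id):
        # Unguessable token that stands in for the database key in the page/request.
        token = secrets.token_urlsafe(16)
        self._token_to_key[token] = customer_id
        return token

    def resolve(self, current_user, token):
        customer_id = self._token_to_key.get(token)
        if customer_id is None:
            raise Forbidden("unknown object reference")
        # The map only limits what can be named; ownership is still enforced here.
        return get_customer_checked(current_user, customer_id)
```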
Insecure Direct Object Reference in the “Nokia” web site.

For reference: