Loose source checking - why referer bypass occurs

By YEHG -
Insufficient checking was commonly associated with the flaw that allows bypasses to happen.

This happened when Programmers checks only for "containment" rather than thorough implementation of checking.

Insecure:
public class LooseSourceCheck {
    public static void showExample(String url){

        try{
            if(url.startsWith("http://trustedsubdomain")){
                System.out.print(String.format("Trusted subdomain: ", url));
            }
            else {
                    throw new IOException("Untrusted subdomain: " + url);
            }
        }
        catch(Exception ex){
        }
    }
}
Secure:

 

public class StrictSourceCheck {

    public static void showExample(){

        try{
            String[] approved_hosts = {
                    "trust1.yehg.net",
                    "trust2.yehg.net",
     "trust3.yehg.net",
     "trust4.yehg.net"
            };

            String url = "http://trust1.attacker.net/hack.jpg";
            URL netUrl = new URL(url);
            String host = netUrl.getHost();

            Boolean b = Arrays.asList( approved_hosts ).contains(host);
            if(!b){
                System.out.println("Untrusted domain: " + url);
            }else{
                System.out.println("Trusted domain: " + url );

            }
        }
        catch(Exception ex){


        }
    }
}












































Comments











Post a Comment























Popular posts from this blog









Bypassing referrer check with no script involved







By


YGN Ethical Hacker Group



-















 No more to use scripting approach like https://github.com/knu/noreferrer   This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header:   <meta name="referrer" content="no-referrer">   https://caniuse.com/#feat=referrer-policy   








Read more










Jumping out of Touch Screen Kiosks







By


YGN Ethical Hacker Group



-














Image







 Background:   Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.     Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs.   Weakness: Jumping out  We cannot use  iKat  at first as we do not have access to any keyboard facility.  However, the trick is no-brainer.   Do long press on any locations and relieve.   You should see the usual Flash context menu like:  Touch "Global Settings".   A web browser window will pop up and redirect to the Adobe ...








Read more