Mobile code: invoking untrusted mobile code
Revision as of 17:09, 5 November 2007
This is an Attack. To view all attacks, please see the Attack Category page.
Description
This attack consists of manipulating mobile code in order to execute malicious operations on the client side. By intercepting client traffic with a man-in-the-middle technique, a malicious user could replace the original mobile code with arbitrary operations that will then be executed on the client's machine under the user's credentials. In another scenario, the malicious mobile code could be hosted on an untrustworthy web site, or it could be permanently injected into a vulnerable web site through an injection attack. This attack can be performed against Java or C++ applications and affects any operating system.
Severity
Medium to High
Likelihood of exploitation
Low
Examples
The following code demonstrates how this attack could be performed using a Java applet.
import java.net.URL;
import java.net.URLClassLoader;

// Declare a URL array holding the path from which the (untrusted) class will be fetched
URL[] urlPath = new URL[]{ new URL("file:subdir/") };
// Create a class loader that is responsible for loading classes from that URL path
URLClassLoader classLoader = new URLClassLoader(urlPath);
// Load the class named "loadMe" from the untrusted location; the "true" argument
// initialises it immediately, so its static initialisers run at this point
Class<?> loadedClass = Class.forName("loadMe", true, classLoader);
External References
- https://buildsecurityin.us-cert.gov/daisy/bsi/100/version/1/part/4/data/CLASP_ApplicationSecurityProcess.pdf?branch=main&language=default
- http://cwe.mitre.org/data/definitions/494.html
Related threats
- Category: Logical Attacks
Related Attacks
- Mobile code: non-final public field
- Mobile code: object hijack
Related Vulnerabilities
- Category: Unsafe Mobile Code
Related Countermeasures
To solve this issue, it is necessary to use some type of integrity mechanism (for example a digital signature or a pinned cryptographic digest checked before loading) to assure that the mobile code has not been modified.
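The integrity check described above, written out as an added example (this is not code from the OWASP page): a class loader that only defines a class when the bytes read from disk match a SHA-256 digest pinned out of band. It assumes Java 17 or later (for java.util.HexFormat) and that the pinned digests are shipped with the application rather than fetched from the same untrusted source as the code.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Map;

// Hypothetical loader: refuses any class whose SHA-256 does not match a pinned value.
public final class PinnedClassLoader extends ClassLoader {
    private final Path baseDir;                      // directory the classes are read from
    private final Map<String, String> pinnedDigests; // class name -> expected SHA-256 (hex)

    public PinnedClassLoader(Path baseDir, Map<String, String> pinnedDigests, ClassLoader parent) {
        super(parent);
        this.baseDir = baseDir;
        this.pinnedDigests = pinnedDigests;
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        String expectedHex = pinnedDigests.get(name);
        if (expectedHex == null) {
            // No pin for this class: treat it as untrusted and refuse to load it at all.
            throw new ClassNotFoundException("no pinned digest for " + name + "; refusing to load");
        }
        try {
            byte[] bytes = Files.readAllBytes(baseDir.resolve(name.replace('.', '/') + ".class"));
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(bytes);
            byte[] expected = HexFormat.of().parseHex(expectedHex);
            // Constant-time comparison of the two digests.
            if (!MessageDigest.isEqual(actual, expected)) {
                throw new ClassNotFoundException("digest mismatch for " + name + ": code was modified");
            }
            // Only now are the verified bytes turned into a Class.
            return defineClass(name, bytes, 0, bytes.length);
        } catch (IOException | NoSuchAlgorithmException e) {
            throw new ClassNotFoundException("cannot verify " + name, e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder pin: replace with the real SHA-256 of the trusted loadMe.class.
        Map<String, String> pins = Map.of("loadMe", "<PINNED-SHA256-HEX>");
        ClassLoader loader = new PinnedClassLoader(Path.of("subdir"), pins, PinnedClassLoader.class.getClassLoader());
        Class<?> loaded = Class.forName("loadMe", true, loader); // fails closed on mismatch
        System.out.println("loaded " + loaded.getName());
    }
}
```

A signed JAR verified against a pinned signer certificate reaches the same goal with standard tooling; the loader above makes the check explicit so the fail-closed behaviour is visible.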