the-web-application-hackers-handbook

CHAPTER
10
Attacking Back-End
Components
Web applications are increasingly complex offerings. They frequently function
as the Internet-facing interface to a variety of business-critical resources on the
back end, including networked resources such as web services, back-end web
servers, mail servers, and local resources such as filesystems and interfaces to the
operating system. Frequently, the application server also acts as a discretionary
access control layer for these back-end components. Any successful attack that
could perform arbitrary interaction with a back-end component could potentially
violate the entire access control model applied by the web application, allowing
unauthorized access to sensitive data and functionality.
When data is passed from one component to another, it is interpreted by
different sets of APIs and interfaces. Data that is considered “safe” by the core
application may be extremely unsafe within the onward component, which
may support different encodings, escape characters, field delimiters, or string
terminators. Additionally, the onward component may possess considerably
more functionality than what the application normally invokes. An attacker
exploiting an injection vulnerability can often go beyond merely breaking the
application’s access control. She can exploit the additional functionality supported
by the back-end component to compromise key parts of the organization’s
infrastructure.
357