Sunday, October 22, 2006

One-way Web Hacking

From Saumil Shah, net-square.com

One-way web hacking is a technique which relies purely on HTTP traffic to attack and penetrate web servers and application servers. This technique was formulated to demonstrate that having tight firewalls or SSL does not really matter when it comes to web application attacks. The premise of the one-way technique is that only valid HTTP requests are allowed in and only valid HTTP responses are allowed out of the firewall.

A tight firewall can make things difficult for an attacker, but it cannot keep the attacker away entirely. One-way hacks demonstrate that, with tools like the file uploader, the web-based command prompt and the web-based SQL command prompt, it is just as easy to attack a web application and the underlying network with a tight firewall in place.

SSL makes things even worse, from the point of view of securing the application. Many people think that SSL prevents such attacks. It does not. SSL is used only to encrypt the data between the web browser and the web server, to prevent eavesdropping. SSL provides no security to the web application, or the underlying network. All one-way hacks can be easily adapted to SSL, using libraries such as OpenSSL.

Source code and examples of this technique are available here.
