From: V.Benjamin Livshits (livshitscs.stanford.edu)
Date: Fri Nov 12 2004 - 17:26:06 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've seen a large number of cases where components of an application
(such as individual servlets, beans, plugins, etc.) are loaded
reflectively. The names used for reflective invocation are ofen read
from confiration files and such.

It seems that if the intruder has access to that configuration file, but
not perhaps to the rest of the application, he should be able to
substitute malicious remote implementations for the classes to be
loaded. I guess, that's somewhat similar to loader hijacking attacks.

Are there inteersting situations or scenarios where application
configuration might fall under malicious user's control? By interesting
I mean something other than just storing these files in easily
accessible location.

Have there been any attacks along these lines?

Thanks,
-Ben

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]