Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Web Application Security / Attack / Abuse of Functionality / Mobile code: object hijack
server monitoring

Mobile code: object hijack
Article ID: 9
Last updated: 06 May, 2008
Print
Email to friend
Views: 405
Posted: 06 May, 2008
by: Tech Pubs S.
Updated: 06 May, 2008
by: Tech Pubs S.

Mobile code: object hijack

Description

This attack consists in a technique to create objects without constructors’ methods by taking advantage of clone() method of Java based applications.

Case a certain class implements cloneable() method declared as public, but doesn’t has a public constructor method nor declared as final, it is possible to extent it into a new class and create objects using the clone() method.

The clonable() method certificates that the clone() method functions correctly. A cloned object has the same attributes (variables values) that the original object, but the objects are independents.

Severity

Medium to High

Likelihood of exploitation

Medium

Examples

In this example, a public class “BankAccount” implements the clonable() method which declares “Object clone(string accountnumber)”: 

public class BankAccount implements Cloneable{
public Object clone(String accountnumber) throws                                                                                                  
CloneNotSupportedException
     {
      Object returnMe = new BankAccount(account number);

     }
}

An attacker can implement a malicious public class that extends the parent BankAccount class, as follows: 

public class MaliciousBankAccount extends BankAccount implements   
                                                      Cloneable{
public Object clone(String accountnumber) throws CloneNotSupportedException 
              {
               Object returnMe = super.clone();

              }
}

A Java applet from certain application is acquired and subverted by an attacker. Then, he makes the victim accepts and runs a Trojan or malicious code that was prepared to manipulate objects’ state and behavior. This code is instantiated and executed continuously using default JVM on victim’s machine. When the victim invokes the Java applet from the original application using the same JVM, then the attacker clones the class, he manipulates the attributes values and after that substitutes the original object for the malicious one.

External References

http://cwe.mitre.org/data/definitions/491.html - Mobile Code: Object Hijack http://www.fortifysoftware.com/vulncat/ - Object Model Violation: Erroneous clone() Method

This article was:   Helpful | Not Helpful
Prev   Next
Mobile code: non-final public field     Exploitation of Authentication

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events