2

Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' in a page where there's an textbox for getting email addresses. Think of it like inviting other people to our website.

The page is supposed to send email to the addresses user enters, thus the server will resolve domain name in the email addresses like gmail.com, hotmail.com etc.

The Burp Suite says, this could be used as attack proxy. We have mechanisms to stop DDoS attacks on our site thus reducing attack surface on our website.

What are other kinds of attacks that is possible and what preventive mechanisms should we deploy?

1 Answers1

-1

The External Service Interaction arise when it is possible for a attacker to induce application to interact with the arbitrary external service such as DNS etc.

The ESI can is not limited to HTTP,HTTPS or DNS, you can lead to FTP, SMTP etc. Such weakness can lead to DDoS attack.

Such ESI can lead to

  • DDoS Attack
  • OS Command Injection
  • Code Manipulation
  • DoS Attack

To mitigate it

  • Review Source Code for functions such as dns.resolve() , dns.query() , sys_exec() etc
  • Use whitelist check, boundary based validation and sanitization
  • Maintain whitelist at network and web front
Naresh Kumar
  • 561
  • 2
  • 15