Vulnerabilities in Encapsulation

Encapsulation, as readers may already be aware, is a programming concept defined as wrapping data up in a single unit of code. Its main function is to bind together the code and the data that it manipulates.

Walkthrough of the attack

The attack starts with the attacker sending an uncommon type of request to the web application or system, which may result in an error message being returned by the web app.

Next, the attacker can gain sensitive information such as details about the system and application, including debugging errors and log data files. This information may point to well-known vulnerabilities that the attacker can exploit to their advantage.

Once the information gathering process is done, the attacker will be able to carry out exploitation of the system or application, which might cause the security protection to fail and result in a crash of the server itself. The method that the attacker

Example Code

Every attack comes from an exploit, which is written in a programming language such as Java, C++, Python, Perl and so on.

Before looking at the vulnerable code, we will look at a basic Java example, shown below, which will make the later material easier to understand.

Source: Java For Beginners Tutorial – Encapsulation

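public class Testing
{
    // Private fields: reachable only through the public methods below
    private String name;
    private int number;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public int getNumber() { return number; }
    public void setNumber(int number) { this.number = number; }

    public static void main(String[] args)
    {
        Testing obj = new Testing();

        // Setting values of the variables
        obj.setName("darknite");
        obj.setNumber(10);

        // Displaying values of the variables
        System.out.println("Name: " + obj.getName());
        System.out.println("Number: " + obj.getNumber());
    }
}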
 
Output:
Name: darknite
Number: 10

Below is an example in the C language that responds with an error page when the attacker executes the exploit code.

/* Needs <stdio.h> and <stdlib.h>. The error message discloses the PATH variable. */
char *path = getenv("PATH");
fprintf(stderr, "This page URL cannot be found %s\n", path);

Source: Java Encapsulation, Encapsulation in Java
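
The C snippet above puts an environment detail into the error message; the following added example (not part of the original post or its sources) sets that leaky form beside a hardened one that keeps the detail in a server-side log and gives the client only a fixed message with a reference number. The function names, the log line format, the incident id and the request URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Leaky form, same message as the snippet above: detail reaches the client. */
int leaky_error(char *out, size_t n, const char *detail) {
    return snprintf(out, n, "This page URL cannot be found %s\n", detail);
}

/* Copy src into dst, replacing CR/LF so a requested URL cannot forge
 * extra lines in the server-side log. */
void sanitize_for_log(char *dst, size_t n, const char *src) {
    size_t i = 0;
    if (n == 0) return;
    for (; src[i] != '\0' && i < n - 1; i++)
        dst[i] = (src[i] == '\r' || src[i] == '\n') ? '_' : src[i];
    dst[i] = '\0';
}

/* Hardened form: detail goes to the server-side log only; the client gets a
 * fixed message and an opaque reference that support can correlate. */
int safe_error(char *out, size_t n, FILE *server_log, const char *detail,
               const char *url, unsigned long incident_id) {
    char clean[256];
    sanitize_for_log(clean, sizeof clean, url);
    fprintf(server_log, "incident=%lu url=\"%s\" detail=\"%s\"\n",
            incident_id, clean, detail);
    return snprintf(out, n,
                    "The requested page could not be found. Reference: %lu\n",
                    incident_id);
}

/* Returns 1 if the client-facing response contains the internal detail. */
int discloses(const char *response, const char *detail) {
    return detail[0] != '\0' && strstr(response, detail) != NULL;
}

int main(void) {
    char leaky[4096], safe[256];
    const char *path = getenv("PATH");
    if (path == NULL) path = "(unset)";
    leaky_error(leaky, sizeof leaky, path);
    /* Constructed request URL and incident id, for illustration only. */
    safe_error(safe, sizeof safe, stderr, path, "/missing\r\nforged", 1001UL);
    printf("leaky response discloses PATH: %d\n", discloses(leaky, path));
    printf("safe response discloses PATH:  %d\n", discloses(safe, path));
    return 0;
}
```

The same `discloses` check can be run over an application's real error responses during testing to catch messages that echo internal values.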

Author: Wan Ariff

He brings with him working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion lies more in IT Security
