Broker injection
{{Short description|Type of vulnerability}}
Broker injection is a type of vulnerability in which a misconfigured broker is exploited, potentially allowing an attacker to read and write the information in its flow and to inject new information into it.
Description
There are many scenarios in which a broker is used to transport the information between tasks.
One of the most typical use cases is sending e-mails in the background. In this scenario there are two actors:
- An information producer (a website, for example).
- A worker or background process that actually sends the e-mail.
The producer needs an asynchronous and non-blocking way to send the email information to the worker.
This system is usually a broker. It takes the information from the web front-end and passes it to the worker, generating a new task in the worker. So, the worker has all the information to send the e-mail.
Taking the above scenario as an example, if we could access the broker, we would be able to make the worker generate new tasks with arbitrary data, unleashing a broker injection.
Attacks
With this in mind, the following attacks become possible:
- Listing remote tasks.
- Reading a remote task's contents.
- Injection of tasks into remote processes.
- Removing remote outstanding tasks.
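The following added example (not part of the original article and not taken from Enteletaor) sketches one mitigation for the task-injection case: the producer attaches an HMAC to each task and the worker discards any message whose tag does not verify. The shared key, the envelope fields <code>body</code> and <code>tag</code>, and the in-memory queue standing in for the broker are assumptions of the example.

```python
import hashlib
import hmac
import json
from collections import deque

# Assumption: a secret shared by producer and worker, provisioned out of band
# and never stored in the broker. Constructed value for this example.
TASK_KEY = b"example-key-not-for-production"


def sign_task(task, key=TASK_KEY):
    """Producer side: serialize the task and attach an HMAC-SHA256 tag."""
    body = json.dumps(task, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


def verify_task(message, key=TASK_KEY):
    """Worker side: return the task dict, or None if the message is not authentic."""
    try:
        envelope = json.loads(message)
        body, tag = envelope["body"], envelope["tag"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return None
        return json.loads(body)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # malformed envelope: treat exactly like a bad tag


def run_worker(queue):
    """Drain the queue; return (accepted tasks, number of rejected messages)."""
    accepted, rejected = [], 0
    while queue:
        task = verify_task(queue.popleft())
        if task is None:
            rejected += 1  # a real worker would log and alert on this
        else:
            accepted.append(task)
    return accepted, rejected


if __name__ == "__main__":
    broker = deque()  # in-memory stand-in for the broker queue
    broker.append(sign_task({"to": "user@example.com", "subject": "Welcome"}))
    # Constructed message written straight to the queue without the key:
    broker.append(json.dumps({"body": '{"to":"x@example.com"}', "tag": "00"}).encode())
    print(run_worker(broker))
```

Signing only stops forged tasks from being executed; listing, reading, removing and replaying captured tasks still depend on restricting access to the broker itself.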
Origin
The broker injection attack is not new, but it previously had no name. The name was coined by Daniel García (cr0hn) at the RootedCON 2016 conference in Spain.
External links
- [http://redis.io/topics/security Official Redis security tips]
- [https://github.com/cr0hn/enteletaor Enteletaor: The broker injection tool]
- [https://www.rootedcon.com/rootedcon2016/ponencias#daniel_garcia Broker injection in RootedCON 2016 (Spanish)] [dead link]