An attack on front-end-backend systems that allows you to break into third-party requests
Details of a new attack on sites using a front-end-back-end model, for example, working through content delivery networks, balancers or proxies, have been revealed. The attack allows, by sending certain requests, to wedge into the contents of other requests processed in the same thread between the frontend and backend. The proposed method was successfully used to organize an attack that made it possible to intercept the authentication parameters of users of the PayPal service, which paid […]