Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright Security-Assessment.com 2004 Security-Assessment.com Advances in Web Application Hacking by Nick von Dadelszen.

Published byMarjorie Harvey Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright Security-Assessment.com 2004 Security-Assessment.com Advances in Web Application Hacking by Nick von Dadelszen."— Presentation transcript:

1 Copyright Security-Assessment.com 2004 Security-Assessment.com Advances in Web Application Hacking by Nick von Dadelszen

2 Copyright Security-Assessment.com 2004 Security-Assessment.com Existing Web App Issues Cross-site Scripting SQL Injection Parameter Manipulation Session Management

3 Copyright Security-Assessment.com 2004 Security-Assessment.com New Ways To Exploit Existing Issues Most issues are still occurring due to incorrect INPUT VALIDATION! Even the vendors are not immune

4 Copyright Security-Assessment.com 2004 Security-Assessment.com Null Byte Upload 1 ASP has trouble handling Null bytes when using FileScripting Object Take the following HTML code: Your Picture:

5 Copyright Security-Assessment.com 2004 Security-Assessment.com Null Byte Upload 2 Form posts to the following ASP code: Public Sub Save(Path) Set objFSO = Server.CreateObject("Scripting.FileSystemObject") Set objFSOFile = objFSO.CreateTextFile(objFSO.BuildPath(Path, tFile + ".bmp")) ‘ Write the file contents objFSOFile.Close End Sub

6 Copyright Security-Assessment.com 2004 Security-Assessment.com Null Byte Upload 3 If the POSTED filename contains a NULL byte, the FileSystem object only uses the information up to the NULL byte to create the file nc.exe test.bmp creates nc.exe in file system Must use Proxy to change filename WebProxy Handles Hex natively

7 Copyright Security-Assessment.com 2004 Security-Assessment.com

8 Copyright Security-Assessment.com 2004 Security-Assessment.com.Net XSS Filtering Bypass 1 ASP.Net 1.1 contains request Validation Built-in validators allow out-of-the-box protection for XSS and SQL injection Unfortunately has an implementation flaw allowing bypass of the filters Validator bans all strings in the form of <letter Close tags are allowed

9 Copyright Security-Assessment.com 2004 Security-Assessment.com.Net XSS Filtering Bypass 2 Bypass performed by adding a NULL byte between the < and the letter foo.bar/test.asp?term= alert('Vulnerable') Validator no longer sees this as an invalid tag and allows it through Browsers disregard NULL bytes when parsing so HTML code is still run

10 Copyright Security-Assessment.com 2004 Security-Assessment.com.Net Authentication Bypass 1 ASP.Net provides built-in Forms-based authentication Web.config tells server which files and folders to require authentication The following in web.config protects the /secure directory

11 Copyright Security-Assessment.com 2004 Security-Assessment.com.Net Authentication Bypass 2 Request to the following page redirects to a login page –http://www.example.com/secure/somefile.asp Using Mozilla the following request will provide the page unauthenticated –http:// www.example.com/secure\somefile.asp Using IE the following request will also provide the page unauthenticated –http:// www.example.com/secure%5csomefile.asp

Download ppt "Copyright Security-Assessment.com 2004 Security-Assessment.com Advances in Web Application Hacking by Nick von Dadelszen."

Similar presentations

PHP Form and File Handling

PHP Form and File Handling
Unit 02. ASP.NET Introduction HTML & Server controls Postbacks Page Lifecycle.

Unit 02. ASP.NET Introduction HTML & Server controls Postbacks Page Lifecycle.
Webgoat.

Webgoat.
PHP File Upload ISYS 475.

PHP File Upload ISYS 475.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Types, exploitation, and prevention

Types, exploitation, and prevention
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
Vulnerability Assessment Course Applications Assessment.

Vulnerability Assessment Course Applications Assessment.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.

Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.

Authenticating Users in an ASP.NET Application. Web Site Administration Tool From VS 2008, click Website/ ASP.Net Configuration to open Web Site Administration.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
FILE UPLOADS CHAPTER 11. THE BASIC PROCESS 1.The HTML form displays the control to locate and upload a file 2.Upon form submission, the server first stores.

FILE UPLOADS CHAPTER 11. THE BASIC PROCESS 1.The HTML form displays the control to locate and upload a file 2.Upon form submission, the server first stores.
Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software

Handling Security Threats in Kentico CMS Karol Jarkovsky Sr. Solution Architect Kentico Software
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Similar presentations

Ads by Google