Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

IISShield and ASP.NET canonicalization

from [Tiago Halm] Network Security [Permanent Link]
Subject: IISShield and ASP.NET canonicalization
Date: Wed, 13 Oct 2004 20:20:03 +0100 
All,

A lot of fuzz has come around the canonicalization issue found with IIS and
ASP.NET forms authentication. One of the main worries has been if IISShield
is an effective measure to prevent this kind of exploit.

So, is it effective? Yes!

Since ISAPI Filters will be the main topic, here goes. ISAPI Filters have
several notifications to which they can subscribe and these notifications
are the various steps through which an Http Request goes through before
reaching the intended script map ISAPI Extension to which it is destined.
Each ISAPI Filter installed in IIS has a chance to do something (parse,
modify) to the contents of that Http Request (each ISAPI gets a chance to
its own thing in the exact order they are installed in IIS).

Only after the ISAPI Filters process the pre-execution notifications, is
when IIS delivers the Http Request to the appropriate script map ISAPI
Extension. ASP.NET, with its associated extensions - aspx, asax, ashx,
etc.., is handled by one of those ISAPI Extensions called
C:\WINNT\Microsoft.NET\Framework\<framework version>\aspnet_isapi.dll
(IIS5).  In IIS6, the ISAPI Extension of ASP.NET has another name I do not
recall right now. These extensions deal with all the details of the ASP.NET
execution request. After ASP.NET terminates the processing of the Http
Request, it then delivers it the ISAPI Filters "kingdom" again. And now, the
Http Response (now its called response, since it is an answer to a request)
must then travel through the post-execution notifications where again the
ISAPI Filters have their opportunity to parse/modify the Http Response.
So, every Http Request reaching IIS goes through the ISAPi Filter
notifications where there is an opportunity to parse the request.

KodeIT IISShield reliably protects IIS from any encoding attempt of a URL be
it:
- Hexadecimal escape codes
- UTF-8 variable-width encoding
- UCS-2 Unicode encoding
- Double encoding

Tiago Halm
KodeIT Development Team
http://www.kodeit.org


---
[This E-mail has been scanned for viruses but it is your responsibility
to maintain up to date anti virus software on the device that you are
currently using to read this email. ]

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • IISShield and ASP.NET canonicalization, Tiago Halm <=
Previous by Date:  MS04-028 Enterprise Scanning Tool KB location, Russ
Next by Date:  Buffer Overflow In Microsoft Excel, Brett Moore
Previous by Thread:  MS04-028 Enterprise Scanning Tool KB location, Russ
Next by Thread:  Buffer Overflow In Microsoft Excel, Brett Moore
Indexes:  [Date] [Thread] [Top] [All Lists]