Network Security: Detailed info on Re: Invision Vulnerabilities, including remote code execution

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: Invision Vulnerabilities, including remote code execution

from [Steven M. Christey] Network Security

[Permanent Link]

Subject:	Re: Invision Vulnerabilities, including remote code execution
Date:	Wed, 26 Apr 2006 15:41:24 -0400 (EDT)

 sources/action_public/search.php line 1261
 $this->output = preg_replace(
 "#(value=[\"']{$this->ipsclass->input['lastdate']}[\"'])#i", "\\1
 selected='selected'",
 $this->output );

...
an #e modifier is added and then %00 used which will be parsed as a
null byte and truncate the string thus removing the original )#i
part.


This is a very interesting bug: modifying a regular expression in a
way that accesses the execution functionality.

In general, regexp hacking seems to be a fruitful area for research.
As another example, null characters have been used to bypass
security-relevant regexp checks.

As "input validation" becomes more frequent, it seems likely that
these kinds of vulns will be introduced more often.  Other languages
with rich regexp capabilities might be subject to similar issues.

- Steve

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Invision Vulnerabilities, including remote code execution, spam Re: Invision Vulnerabilities, including remote code execution, Steven M. Christey <= RE: Invision Vulnerabilities, including remote code execution, Mike Weller Re: Invision Vulnerabilities, including remote code execution, mattmecham

Previous by Date:	Re: XV multiple buffer overflows (update), kvea
Next by Date:	Re: Apple Mac OS X Safari 2.0.3 Vulnerability, Aaron Phillips
Previous by Thread:	Invision Vulnerabilities, including remote code execution, spam
Next by Thread:	RE: Invision Vulnerabilities, including remote code execution, Mike Weller
Indexes:	[Date] [Thread] [Top] [All Lists]