Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Mono XSP ASP.NET Server sourcecode disclosure vulnerability

from [jose . palanco] Network Security [Permanent Link]
Subject: Mono XSP ASP.NET Server sourcecode disclosure vulnerability
Date: 20 Dec 2006 17:26:11 -0000 
Mono XSP ASP.NET Server sourcecode disclosure vulnerability

Version:         Tested on mono 1.2.1
XSP for ASP.NET 1.1 and 2.0 (This is a regression as this issue didn't exists 
in Mono 1.0)

Discovered by:  Josi Ramsn Palanco: jose.palanco(at)eazel(dot)es

http://www.eazel.es

Time Line:      

    * Nov 29, 2006: Discovered security issue by Jose Ramon Palanco
    * Nov 30, 2006: Reported to Mono Project
    * Dec 1, 2006: Patch in subversion rev 68776
    * Dec 5, 2006: Mono is testing the patch and building packages for the fix
    * Dec 19, 2006: Published advisory

Description:    

Attackers use source code disclosure attacks to try to obtain the source code 
of server-side applications. The basic role of Web servers is to serve files as 
requested by clients. Files can be static, such as image and HTML files, or 
dynamic, such as ASPX, ASHX, ASCX, ASAX, webservices like ASMX files and any 
language supported by Mono like: C#, boo, nemerle, vb files: .cs, .boo, vb, .n, 
... When the browser requests a dynamic file, the Web server first executes the 
file and then returns the result to the browser. Hence, dynamic files are 
actually code executed on the Web server.

Using a source code disclosure attack, an attacker can retrieve the source code 
of server-side file. Obtaining the source code of server-side files grants the 
attacker deeper knowledge of the logic behind the Web application, how the 
application handles requests and their parameters, the structure of the 
database, vulnerabilities in the code and source code comments. Having the 
source code, and possibly a duplicate application to test on, helps the 
attacker to prepare an attack on the application.

An attacker can cause source code disclosure using adding %20 (space char) 
after the uri, for example
http://www.server.com/app/Default.aspx%20

Update: is also possible retrieve Web.Config file. This file contains sensible 
informatin like credentials.

Original advisory:

http://www.eazel.es/advisory007-mono-xsp-source-disclosure-vulnerability.html
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Mono XSP ASP.NET Server sourcecode disclosure vulnerability, jose . palanco <=
Previous by Date:  Oracle Portal 10g HTTP Response Splitting, putosoft softputo
Next by Date:  Re: Oracle <= 9i / 10g File System Access via utl_file Exploit, sumit kumar soni
Previous by Thread:  Oracle Portal 10g HTTP Response Splitting, putosoft softputo
Next by Thread:  [security bulletin] HPSBUX02174 SSRT061239 rev.2 HP-UX Running OpenSSL Denial of Service (DoS), Increase Privilege, security-alert
Indexes:  [Date] [Thread] [Top] [All Lists]