
| Subject: | AMD web forums trojaned by WMF exploit |
|---|---|
| Date: | Tue, 31 Jan 2006 13:02:55 -0600 |
I posted to a few of the lists about WMF and webappsec earlier, thinking there would be more abuse of WMF in webapps on the Internet. AMD was hit by a cross-site WMF:

http://www.f-secure.com/weblog/archives/archive-012006.html#00000795

So there are two issues here: (a) embedding *stuff* cross site, and (b) content type safety. I think this issue is relevant to webappsec. Here's why:

1. Input Validation
2. Input Validation

We all know the joy of strongly typing data, but how often do we give the same treatment to *content* in binary formats? For example, see just about any web-based DMS that runs on Windows. Why is this? Due to difficulty? I've seen web-based DMS systems on *nix platforms perform basic binary file type validation using utilities like 'file'. Should we not be using content validation libraries to verify our jpgs are really jpgs (and not Windows metafiles), our Word docs are Word docs, etc. etc. etc.?

Seems reasonable that if I want to scrub metacharacters to prevent attackers from XSSing my web-based DMS users, I might want to prevent the ability to launch BoF remote root attacks via embedded content. I would give much higher priority to a remote root BoF (than an XSS), though there is a greater range of mitigating controls available to counter malicious content (e.g. local AV engines with appropriate signatures, network IPS, etc.).

That is my thought for the year. Now I am spent.

p.s. -- I will be over on the continent a priori the event known as Black Hat and shortly thereafter. If any of you are around Amsterdam Feb 20-something to the week of March 5th and would like me to buy you a beer in apology for inane posts, email me and a beer is yours. For social email use my first name at anachronic.com.

Arian J. Evans
FishNet Security
816.421.6611 [office]
816.701.2045 [direct] <--checked infrequently
888.732.9406 [toll-free]
816.421.6677 [fax]
913.710.7045 [mobile] <--daily/international access
aevans@fishnetsecurity.com [email]
http://www.fishnetsecurity.com
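The content validation the post argues for, as an added example that is not from the post or the list: a magic-byte check that rejects a Windows metafile uploaded or served under an image/jpeg declaration instead of trusting the extension or the client-supplied type. The signature table, the allow-list and the sample blobs are constructed here; the WMF placeable-header magic and METAHEADER layout are assumed from the published WMF format.

```python
from typing import Optional, Tuple

# Leading byte signatures (magic numbers) for the types we care about.
# WMF: placeable (Aldus) header magic 0x9AC6CDD7 stored little-endian, or a
# standard METAHEADER with Type 1 (memory) / 2 (disk) and HeaderSize 9 words.
SIGNATURES = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "image/x-wmf": [b"\xd7\xcd\xc6\x9a", b"\x01\x00\x09\x00", b"\x02\x00\x09\x00"],
}

# Types the DMS is willing to store and serve; WMF is deliberately absent.
ALLOWED = {"image/jpeg", "image/png", "image/gif"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None


def validate_upload(declared: str, data: bytes) -> Tuple[bool, str]:
    """Accept only when the bytes, the declared type and the allow-list agree.

    A passing check means the container really is what it claims to be; it
    does not prove the content is harmless, which is why the post still
    wants AV/IPS as additional mitigating controls.
    """
    actual = sniff_type(data)
    if actual is None:
        return False, "unrecognised content"
    if actual != declared:
        return False, f"declared {declared} but bytes say {actual}"
    if actual not in ALLOWED:
        return False, f"disallowed type {actual}"
    return True, actual


# Constructed sample blobs (not real files): a JPEG SOI/APP0 prefix and a
# placeable WMF header magic padded with zero bytes.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
WMF_AS_JPEG = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18

if __name__ == "__main__":
    print(validate_upload("image/jpeg", JPEG_SAMPLE))
    print(validate_upload("image/jpeg", WMF_AS_JPEG))
```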