Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Java SQL/LDAP Injections

from [Jayaraman, Anand X.] Network Security [Permanent Link]
Subject: RE: Java SQL/LDAP Injections
Date: Thu, 27 Apr 2006 09:24:10 -0400 
Andy:

   For LDAP Injection.

   Call the following method before calling LDAP code inside checkUser()

public static bool isUsernameValid(string username) {
RegEx r = new Regex("^[A-Za-z0-9]{16}$");
return r.isMatch(username);
} 


This validate your input and help prevent an injection.


Anand

-----Original Message-----
From: Andres Molinetti [mailto:andymolinetti@hotmail.com] 
Sent: Wednesday, April 26, 2006 1:26 PM
To: websecurity@webappsec.org
Cc: webappsec@securityfocus.com
Subject: Java SQL/LDAP Injections

Dear list,

I am working on some Java code reviews and was looking for injection vectors 
that may apply on it.

Take for example the following code:

---------------------
public User getUsers(String userID) {
...
NamedQuery query = new NamedQuery(User.class, "user.view.by.id "); Map 
parameters = new HashMap(); parameters.put("userid", userID); 
query.setParameters(parameters); List list = Repository.select(query); ...
}
----------------------


That piece of code interacts with Hibernate to get a list of user objects with 
that ID from a relational DB. Here is the extract of the HBM mapping
file:

--------------------
<property name="userID" type="string" length="15" column="USER_ID"/> ....
<query name="user.view.by.id"><![CDATA[
from com.test.user as userX
where userID = :userid
]]>
</query>
--------------------

I am wondering if this represents vulnerable code, exploited by, for example, 
calling getUsers("' or '1'='1") or something of the sort.

Second, suppose the application interacts with an LDAP server, using the 
following code:

------------------------------------
public boolean checkUser(String userID) {

           boolean result = false;
           Attributes srchAttrs = new BasicAttributes(true);
           String [] resAttrsID = {"uid"};

           searchAttrs.put("uid", userID);
           Enumeration srchResults = null;

           srchResults = ctx.search(LDAP.getBranch(), srchAttrs, resAttrsID);
           if((srchResults != null) && ( srchResults.hasMoreElements() ==
true))
               result = true;

           result = false;

}
------------------------------------

Is this function vulnerable to LDAP Injection?

Looking foward to reading your opinions....

Andy.

_________________________________________________________________
Moda para esta temporada. Ponte al día de todas las tendencias. 
http://www.msn.es/Mujer/moda/default.asp


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you think 
about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Web Site Certification, Dean H. Saxe
Next by Date:  Re: Web Site Certification, Nathaniel Hall
Previous by Thread:  Java SQL/LDAP Injections, Andres Molinetti
Next by Thread:  [Fwd: London WAF event - Addidional vulnerabilities], Dinis Cruz
Indexes:  [Date] [Thread] [Top] [All Lists]