Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Does .aspx protect against sql injection?Any way to bypass it? Cooki

from [Calderon, Juan Carlos (GE, Corporate, consultant)] Network Security [Permanent Link]
Subject: RE: Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?
Date: Fri, 9 Feb 2007 13:42:32 -0500 
There are ways to bypass this protection, I was about to report it when I 
realized someone already did in Russia a few days before :(

Here is the link
http://www.securityfocus.com/archive/1/390751

It is kind of hard to exploit since default encoding configuration should be 
changed. But still doable, I found it in one application :)

Regards,
Juan Carlos Calderon
Application Security Program
SCABBA Team Leader

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of Danett song
Sent: Martes, 06 de Febrero de 2007 07:03 p.m.
To: webappsec@securityfocus.com
Subject: Does .aspx protect against sql injection?Any way to bypass it? Cookie 
SQL Injections?


 Hi guys,

I looked at some microsoft documentation (
http://www.microsoft.com/downloads/details.aspx?FamilyID=e9c4bfaa-af88-4aa5-88d4-0dea898c31b9
), and appear that .NET framework prevent a bunch of web attack classes.

Also appear that this security enhancement is in .NET framework, providing  
programming functions and features that help to make .apsx applications more 
safe, however many parts yet are responsible from the developer, like input 
valudation. So in the reality doesn't appear that .NET framework provide a 
robust barrier to protect against this attacks (like a web application 
firewalll, example F5 web firewall), i'm right? Even cause they suggest to use 
aditional IISLockdown, URLscan, ISAPI filter, etc.

My main doubt is, is there any evasion methods used to bypass this common 
chcecks provided from .NET framework to difficult SQL injections, XSS, etc?

I made some tests in a new lab machine installed with Windows 2003, SQL server 
and IIS. All inputed were well validaded, so i were not able to abuse of any 
sql injection or xss (maybe it's in the .aspx code that were well wrote? Maybe 
in the .NET framework that prevent some attacks like a web application firewall?
Maybe a IISLockdown + URLScan + ISAPI filter), however I think it doesn't 
check/filter session values, I made a test setting the "Cookie" value with some 
chars like quote (as used in sql injection tests via url) and I got this error 
from the application (showing the server is using a SQL Server):

invalid character value for cast specification

I never tryed to exploit a sql injection in cookie values and never had seen 
this error before (which appear to be a cast conversion error).... any tip for 
me? Any document (link) ?

Also I know (cause the server is in my lab) that some this filters in input 
validation are been made by the .apsx code, cause the developer made it. But a 
attacker is able to remotly recoganize who is making this checks (if it's in 
the .aspx code that were well wrote? If in the .NET framework that prevent some 
attacks like a web application firewall? If is a IISLockdown + URLScan + ISAPI 
filter)? How?

thank you,

Cheers


__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/ 

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level attacks 
that hackers use to sneak into web applications today. This whitepaper will 
discuss how traditional XSS attacks are performed, how to secure your site 
against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional XSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Instantiating an executable from a web browser., Colin Bean
Next by Date:  RE: Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?, Danett song
Previous by Thread:  Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?, Danett song
Next by Thread:  RE: Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?, Danett song
Indexes:  [Date] [Thread] [Top] [All Lists]