WebApp Sec mailing list archives

RE: Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?
From: "Calderon, Juan Carlos (GE, Corporate, consultant)" <juan.calderon () ge com>
Date: Fri, 9 Feb 2007 13:42:32 -0500

There are ways to bypass this protection, I was about to report it when I realized someone already did in Russia a few 
days before :(

Here is the link
http://www.securityfocus.com/archive/1/390751

It is kind of hard to exploit since default encoding configuration should be changed. But still doable, I found it in 
one application :)

Regards,
Juan Carlos Calderon
Application Security Program
SCABBA Team Leader

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Danett song
Sent: Tuesday, February 06, 2007 07:03 p.m.
To: webappsec () securityfocus com
Subject: Does .aspx protect against sql injection?Any way to bypass it? Cookie SQL Injections?


Hi guys,

I looked at some Microsoft documentation (
http://www.microsoft.com/downloads/details.aspx?FamilyID=e9c4bfaa-af88-4aa5-88d4-0dea898c31b9
), and it appears that the .NET framework prevents a bunch of web attack classes.

It also appears that this security enhancement is in the .NET framework, providing programming functions and features that 
help to make .aspx applications safer; however, many parts are still the responsibility of the developer, like input 
validation. So in reality it doesn't appear that the .NET framework provides a robust barrier to protect against these 
attacks (like a web application firewall, for example the F5 web firewall), am I right? Especially since they suggest using 
additional IISLockdown, URLscan, ISAPI filter, etc.

My main doubt is: are there any evasion methods used to bypass these common checks provided by the .NET framework to 
hinder SQL injections, XSS, etc.?

I made some tests on a new lab machine installed with Windows 2003, SQL Server and IIS. All inputs were well 
validated, so I was not able to abuse any SQL injection or XSS (maybe it's the .aspx code that was well written? 
Maybe the .NET framework that prevents some attacks like a web application firewall? 
Maybe IISLockdown + URLScan + ISAPI filter?); however, I think it doesn't check/filter session values. I made a test 
setting the "Cookie" value with some chars like a quote (as used in SQL injection tests via URL) and I got this error 
from the application (showing the server is using a SQL Server):

invalid character value for cast specification

I have never tried to exploit a SQL injection in cookie values and had never seen this error before (which appears to be a 
cast conversion error)... any tips for me? Any document (link)?

Also I know (because the server is in my lab) that some of these input validation filters are being done by the .aspx code, 
because the developer made it. But is an attacker able to remotely recognize what is making these checks (whether it's the 
.aspx code that was well written, the .NET framework preventing some attacks like a web application firewall, or 
IISLockdown + URLScan + ISAPI filter)? How?

thank you,

Cheers
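
The cookie test described in the question, as an added example that is not part of the original thread: a constructed lookup that uses Python's `sqlite3` as a stand-in for the ASP.NET / SQL Server stack, with a hypothetical `uid` cookie and `users` table. It shows the quote reaching the database when the cookie is concatenated into the query, and the same input being rejected when the value is type-checked and bound as a parameter.

```python
import sqlite3

def cookie_value(header, name):
    """Return the raw value of one cookie from a Cookie request header."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(7, "alice"), (8, "bob")])
    return db

def lookup_concatenated(db, header):
    """Weak form: the cookie text becomes part of the SQL statement."""
    uid = cookie_value(header, "uid") or ""
    try:
        row = db.execute("SELECT name FROM users WHERE id = " + uid).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # Echoing driver text to the client discloses the backend,
        # which is what the error message in the post did.
        return ("db-error", str(exc))

def lookup_hardened(db, header):
    """Corrected form: check the type first, then bind the value."""
    uid = cookie_value(header, "uid")
    if uid is None or not (uid.isascii() and uid.isdigit()) or len(uid) > 9:
        return ("rejected", None)  # generic answer, nothing from the driver
    row = db.execute("SELECT name FROM users WHERE id = ?", (int(uid),)).fetchone()
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for header in ("uid=7; theme=dark", "uid=7'; theme=dark"):  # constructed headers
        print(header, lookup_concatenated(db, header), lookup_hardened(db, header))
```

Cookies, like query strings and form fields, are client-controlled input, so the check belongs in the code that consumes the value regardless of what the framework or any filter in front of it already screens.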