Author archive
Talk on Denial of Service Attacks in Web Applications for the 2nd OWASP Spain Chapter Meeting
| Author: | Jaime Blasco: jaime.blasco(at)eazel(dot).es |
|---|---|
| Description: | |
Article published in Hakin9 magazine on security and fuzzing techniques for ActiveX controls
| Author: | Jaime Blasco: jaime.blasco(at)eazel(dot).es |
|---|---|
| Description: | |
Mono XSP ASP.NET Server source code disclosure vulnerability
| Version: | Tested on Mono 1.2.1; XSP for ASP.NET 1.1 and 2.0 (this is a regression, as the issue did not exist in Mono 1.0) |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
| Time Line: | |
Description: Attackers use source code disclosure attacks to try to obtain the source code of server-side applications. The basic role of Web servers is to serve files as requested by clients. Files can be static, such as image and HTML files, or dynamic, such as ASPX, ASHX, ASCX and ASAX files, web services (ASMX files) and source files in any language supported by Mono, such as C#, Boo, Nemerle or VB (.cs, .boo, .vb, .n, …). When the browser requests a dynamic file, the Web server first executes the file and then returns the result to the browser. Hence, dynamic files are actually code executed on the Web server.
Using a source code disclosure attack, an attacker can retrieve the source code of a server-side file. Obtaining the source code of server-side files grants the attacker deeper knowledge of the logic behind the Web application: how the application handles requests and their parameters, the structure of the database, vulnerabilities in the code and source code comments. Having the source code, and possibly a duplicate application to test on, helps the attacker to prepare an attack on the application. An attacker can cause source code disclosure by appending %20 (the space character) to the URI, for example http://www.server.com/app/Default.aspx%20. Update: it is also possible to retrieve the Web.Config file. This file contains sensitive information such as credentials.
GForge Cross Site Scripting vulnerability
| Version: | Tested on GForge 4.5.11 |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot)es |
Description: GForge is vulnerable to a security vulnerability that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause cross-site scripting.
To exploit it, an attacker may send the “words” variable via the GET method to:
Keywords: advisory006-gforge-cross-site-scripting-vulnerability.html
D-Link DSL-G624T several vulnerabilities
| Version: | Tested on D-Link DSL-G624T, Firmware Version V3.00B01T01.YA-C.20060616 |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot).es |
Description: The D-Link DSL-G624T ADSL Router is vulnerable to several security issues.
Directory traversal:
- http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd
- http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml
Cross Site Scripting:
- Url: http://router/cgi-bin/webcm
- Url: http://router/cgi-bin/webcm
- Url: http://router/cgi-bin/webcm
Directory listing: it is possible to list the /cgi-bin directory.
Keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html
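Both the Mono XSP advisory above (a dynamic file name followed by an encoded space, plus direct requests for Web.Config) and the D-Link advisory (a page-selecting parameter padded with `/./` segments to reach /etc/passwd) leave recognisable traces in ordinary web server access logs. The script below is an added example, not code from eazel or from any of the advisories: it normalises each request target the way a server would before dispatch and flags the two patterns. The log lines, IP addresses and host names are constructed for the example; the extension list is the one named in the Mono advisory.

```python
# Added example (not part of the original advisories): triage access-log
# lines for (1) dynamic-file names followed by whitespace, which can make a
# handler mapping miss the file and serve its source verbatim, and (2)
# page-selecting query parameters whose normalised value reaches a
# sensitive file after '.' / '..' padding is collapsed.
import re
from typing import List, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Extensions the ASP.NET stack executes rather than serves (from the Mono advisory).
DYNAMIC_EXTS = {".aspx", ".ashx", ".ascx", ".asax", ".asmx", ".cs", ".boo", ".vb", ".n"}
# File names that must never be served to a client, whatever path leads to them.
SENSITIVE_NAMES = {"web.config", "passwd", "config.xml"}

# Constructed sample log lines (common log format; hosts and IPs are hypothetical).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2007:10:00:00 +0000] "GET /app/Default.aspx HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2007:10:00:01 +0000] "GET /app/Default.aspx%20 HTTP/1.1" 200 2048
10.0.0.5 - - [01/Jan/2007:10:00:02 +0000] "GET /app/Web.Config HTTP/1.1" 200 1200
10.0.0.9 - - [01/Jan/2007:10:00:03 +0000] "GET /cgi-bin/webcm?getpage=/html/status.html HTTP/1.1" 200 800
10.0.0.9 - - [01/Jan/2007:10:00:04 +0000] "GET /cgi-bin/webcm?getpage=/./././././././etc/passwd HTTP/1.1" 200 300
10.0.0.9 - - [01/Jan/2007:10:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def canonical_path(decoded: str) -> str:
    """Collapse '.' segments and resolve '..' in an already percent-decoded path,
    so the check sees the file the request actually reaches."""
    parts: List[str] = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)


def classify(target: str) -> List[str]:
    """Return finding labels for one request target (path plus query string)."""
    findings: List[str] = []
    url = urlsplit(target)
    last = unquote(url.path).rsplit("/", 1)[-1]      # final path segment, decoded
    stripped = last.rstrip()                          # segment without trailing whitespace
    ext = ("." + stripped.rsplit(".", 1)[-1]).lower() if "." in stripped else ""

    # 1. Dynamic file name followed by whitespace (%20, %09, ...).
    if stripped != last and ext in DYNAMIC_EXTS:
        findings.append("trailing-whitespace-dynamic-file")
    # 2. Direct request for a file that must never be served.
    if stripped.lower() in SENSITIVE_NAMES:
        findings.append("sensitive-file-request")
    # 3. Query parameters: judge the normalised value, not the raw one, so that
    #    '/./././' and '../' padding cannot hide the real target.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if any(seg in (".", "..") for seg in value.split("/")):
            findings.append(f"traversal-sequence:{key}")
        canon = canonical_path(value)
        if canon.rsplit("/", 1)[-1].lower() in SENSITIVE_NAMES:
            findings.append(f"sensitive-file-param:{key}={canon}")
    return findings


def scan_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Run classify() over every parsable line; return (ip, target, findings) for hits only."""
    hits: List[Tuple[str, str, List[str]]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        found = classify(m["target"])
        if found:
            hits.append((m["ip"], m["target"], found))
    return hits


if __name__ == "__main__":
    for ip, target, found in scan_log(SAMPLE_LOG):
        print(f"{ip}  {target}  ->  {', '.join(found)}")
```

The same `canonical_path` normalisation, applied before the handler lookup, is also the shape of the server-side fix: decide which handler (or whether any file at all) serves a request from the canonical name, never from the raw one, and refuse names that resolve to Web.Config or outside the document root.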
Article published in Hakin9 magazine on XPath Injection techniques
| Author: | Jaime Blasco: jaime.blasco(at)eazel(dot)es |
|---|---|
| Description: | |
Zyxel Prestige 660H-61 Cross Site Scripting
| Version: | Tested on Zyxel Prestige 660H-61, ZyNOS F/W Version: V3.40(PT.0)b32 \| 1/28/2005, Standard: NORMAL |
|---|---|
| Discovered by: | José Ramón Palanco: jose.palanco(at)eazel(dot).es |
Description: The Zyxel Prestige 660H-61 ADSL Router is vulnerable to a security vulnerability that allows Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause cross-site scripting in this script: http://router/Forms/rpSysAdmin?a=%3Cscript%3Ealert('www.eazel.es')%3C/script%3E
Keywords: advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.php
Siemens SpeedStream 2624 Denial of Service Vulnerability
CVE Reference: CVE-2006-3907
Updated: Jun 13 2008
Original Entry Date: Jul 26 2006
Impact: Denial of service via network
Version(s): Model 2624; possibly others
Description: A vulnerability was reported in SpeedStream. A remote user can cause denial of service conditions.
A remote user can send a specially crafted packet to the administrative web server to cause the target router to freeze. A reboot is necessary to return to normal operations.
The vendor was notified on May 4, 2006.
Jaime Blasco discovered this vulnerability.
The original advisory is available at:
http://www.digitalarmaments.com/2006310665340982.html
Impact: A remote user can cause the target device to freeze.
Solution: No solution was available at the time of this entry.
Vendor URL: www.siemens.com/
Cause: Exception handling error
Reported By: info@digitalarmaments.com
Message History: None.
Flexwatch Authorization Bypassing and XSS Vulnerability
Description:
Multiple FlexWATCH Network Cameras are vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the built-in Web server. A remote attacker could exploit this vulnerability using unspecified scripts and parameters to execute arbitrary script in a victim’s Web browser within the security context of the affected device, allowing the attacker to steal the victim’s cookie-based authentication credentials.
CVSS:
| Base Score: | 3.7 |
|---|---|
| Access Vector: | Remote |
| Access Complexity: | High |
| Authentication: | Not Required |
| Confidentiality Impact: | Partial |
| Integrity Impact: | Partial |
| Availability Impact: | None |
| Temporal Score: | 2.7 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
Refer to the FlexWATCH Web site for patch information. See References.
References:
- BugTraq Mailing List, Mon Jul 10 2006 – 04:38:31 CDT : Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability.
- FlexWATCH Web site: FlexWATCH – Network Camera Server.
- BID-18936: FlexWATCH Network Camera Cross-Site Scripting Vulnerability
- CVE-2006-3603: Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
- SA20994: FlexWATCH Network Camera FW-3400 Two Vulnerabilities
Siemens Speedstream 2624 Password Protection Bypass
CVE Reference: CVE-2006-3344
Updated: Aug 12 2008
Original Entry Date: Jun 29 2006
Impact: User access via network
Exploit Included: Yes
Version(s): Tested on Model 2624
Description: A vulnerability was reported in the SpeedStream wireless router. A remote user can access restricted files.
A remote user can access protected files without having to login to the system by using the UPnP support interface.
The vendor was notified on May 2, 2006, without response.
Jaime Blasco discovered this vulnerability.
The original advisory is available at:
http://www.digitalarmaments.com/2006290674551938.html
Impact: A remote user can access ostensibly protected files on the target device.
Solution: No solution was available at the time of this entry.
Vendor URL: www.siemens.com/
Cause: Access control error
Reported By: info@digitalarmaments.com
Message History: None.