Posts Tagged ‘asp’
Posted in asp.net, Authentication, c++, dotnet, forms, howto, programming, security on January 24th, 2012 by presclark
Tags: .net, asp |
Posted in c++, programming, security, webservice, webservices, web_services on January 17th, 2012 by hmazlout
Tags: .net, asp |
Posted in code, pentest, scanner, security, test, Tools, va, vulnerability, web on January 5th, 2012 by firemanworld
Tags: asp |
Posted in code, dev, security, sqlinjection, Validator on December 21st, 2011 by raktec
Tags: .net, asp |
Posted in Security Tools, Tools on July 16th, 2009 by SecurityDatabase
Ludovic Petit (OWASP France Leader and Vice-Chair) has just sent to France OWASP mailing list a note about the OWASP SSB project. The Security Spending Benchmarks Project seeks to produce guidance and an industry accepted benchmark for justifying overall Web application security spending. We want to quantify how many dollars and human resources should be allocated towards the software development life-cycle, security training, security software/tools, independent third-party reviews, Web (...)
-
Security Tools
/
Owasp,
Methodology
Tags: asp, Tools, web |
Posted in ISC on July 15th, 2009 by ISC Handler
Update1: The vulnerability is being actively exploited on web sites. More to follow.
Microsoft has released an advisory related to an Office Web Components ActiveX vulnerability, it is available here. This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability, although we at the SANS Internet Storm Center haven't seen it used or mentioned in public as of yet (this has changed, we are seeing active exploit pages). Which may tend to indicate it has been used in targeted rather than broad based attacks. At the moment there is no patch, there is a workaround, and it can be automated for enterprise deployment. The specific CLSIDs to set the killbit for are:
{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}
Start working on this on ASAP. The impact is remote code execution with the privileges of the logged in user running Internet Explorer, and might not require user intervention. As in browse to a nasty web site and be pwn3d.
Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx
KB article: http://support.microsoft.com/kb/973472
SRD blog: http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx
MSRC blog: http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
There is a long list of affected products:
Microsoft Office XP Service Pack 3;
Microsoft Office 2003 Service Pack 3;
Microsoft Office XP Web Components Service Pack 3;
Microsoft Office Web Components 2003 Service Pack 3;
Microsoft Office 2003 Web Components for the and
Microsoft Office Small Business Accounting 2006.
For information on how to prevent ActiveX controls from running check out this Microsoft KB article on modifying the registry. This article describes how to deploy using Active Directory. If you have administrative privileges on a single system and are running Internet Explorer, you can click on this 'fixit' link to set the killbit and mitigate the vulnerability on a home computer for example.
Update1: The vulnerability is being actively exploited on web sites. More to follow.
Update2: One other obvious mitigation step is to use an alternate web browser (as in other than IE) that does not make use of ActiveX.
Update3: We have raised the Infocon to yellow for 24 hours due to the active exploitation of this vulnerability.
Update4:We will be updating our existing diary post of domains to block with domains that are hosting this exploit as well. You can see that diary entry at the following url. http://isc.sans.org/diary.html?storyid=6739 (newly added domains are in yellow) - AndreL
Update5: Attack vectors used to exploit this vulnerability.
The now known public attempts to exploit the vulnerability, attackers just modify the code with a fresh download and payload to slightly modified malware.
A .cn domain using a heavily obfuscated version of the exploit - which may become an attack kit (think MPACK)and is similar to recent DirectShow attacks.
A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target - with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach with the server.
Update6: This blog has additional information, with examples of code that may have been used in this attack. hxxp://safelab.spaces.live.com/blog/cns!A6B213403DBD59AF!1463.entry (obscured on purpose, some AV products will trigger accessing the page. Another example is here: hxxp://xeye.us/blog/2009/07/one-0day/
One part of a signature looking for the exploit would be ActiveXObject(OWC10.Spreadsheet), which could also be used for legitimate web applications trying to open a spreadsheet.
Update7: attempt at snort sigs (until something better comes along):
alert tcp $EXTERNAL_NET $HTTP_PORTS - $HOME_NET any (msg:MS 0day Excel ActiveX1 CVE-2009-1136 ref isc.sans.org/diary.html?storyid=6778 content:0002E559-0000-0000-C000-000000000046 pcre:/OBJECTs+[^]*classids*=s*[x22x27]?s*clsids*x3as* x7B?s*0002E559-0000-0000-C000-000000000046/si)
alert tcp $EXTERNAL_NET $HTTP_PORTS - $HOME_NET any (msg:MS 0day Excel ActiveX2 CVE-2009-1136 ref isc.sans.org/diary.html?storyid=6778 content:0002E541-0000-0000-C000-000000000046 pcre:/OBJECTs+[^]*classids*=s*[x22x27]?s*clsids*x3as* x7B?s*0002E541-0000-0000-C000-000000000046/si)
Update8: Metasploit have released a module exploiting the vulnerability.
Update9: Matt Hrynkow and John Silvestri have submitted .ADM files for use in Active Directory GPO templates for setting the ActiveX killbits for last week's and this weeks vulnerabilities. Here is the one for The MS Office Web Object 973472 CVE-2009-1136.
--Start here--
CLASS MACHINE
CATEGORY Windows Components
CATEGORY Internet Explorer
POLICY Internet Explorer - ActiveX Compatibility Disable for Microsoft Office Web Components
#if version = 3
EXPLAIN !!EXPLAIN1
#endif
KEYNAME SOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{011B3619-FE63-4814-8A84-15A194CE9CE3}
VALUENAME Compatibility Flags
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
ACTIONLISTON
KEYNAME SOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E541-0000-0000-C000-000000000046}
VALUENAME Compatibility Flags VALUE NUMERIC 1024
KEYNAME SOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E559-0000-0000-C000-000000000046}
VALUENAME Compatibility Flags VALUE NUMERIC 1024
END ACTIONLISTON
ACTIONLISTOFF
KEYNAME SOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E541-0000-0000-C000-000000000046}
VALUENAME Compatibility Flags VALUE NUMERIC 0
KEYNAME SOFTWAREMicrosoftInternet ExplorerActiveX Compatibility{0002E559-0000-0000-C000-000000000046}
VALUENAME Compatibility Flags VALUE NUMERIC 0
END ACTIONLISTOFF
Internet Explorer - ActiveX Compatibility Disable for OWC10_and_OWC11
Windows Components
CLASS USER
[Strings]
EXPLAIN1 =Enable this policy to implement workaround documented for Microsoft Security Advisory (973472)nnnhttp://www.microsoft.com/technet/security/advisory/973472.mspxnhttp://isc.sans.org/diary.html?storyid=6778n
--End here--
Update10: This MSDN blog has 32 and 64 bit versions of the Active Directory GPO ADM files and .reg files that should mitigate this vulnerability: http://blogs.msdn.com/askie/archive/2009/07/14/group-policy-adm-template-to-implement-the-workaround-from-security-advisory-973472.aspx The one posted above in Update9 apparently only works on 32 bit, and is missing the backslashes. Thanks Jim and Brian for letting us know.
If you see exploit code for this vulnerability, or have knowledge of it being used in an attack please let us know via our contact page.
Thanks to all who have contributed to this diary!
Cheers,
Adrien de Beaupr
EWA-Canada.com
Teaching SANS Cutting-Edge Hacking Techniques in Ottawa this September.
Tags: asp, code, exploit, microsoft, News, patch, web, windows |
Posted in Security Tools, Tools on June 26th, 2009 by SecurityDatabase
SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)
-
Security Tools
/
Saint,
Automated Exploiter,
Application Scanner,
Vulnerability Management
Tags: asp, exploit, Tools, web |
Posted in News on February 9th, 2009 by SecurityFocus
Kaspersky exposes sensitive database, says hacker
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Tags: asp, News |
Posted in SecurityFocus on November 29th, 2008 by SecurityFocus
ParsBlogger 'blog.asp' Cross Site Scripting Vulnerability
Tags: asp |
Posted in SecurityFocus on November 26th, 2008 by SecurityFocus
ParsBlogger 'blog.asp' SQL Injection Vulnerability
Tags: asp, sql |
Music to c0d3 too: