HTTP Parameter Fragmentation (HPF) is one of the methods to bypass security filters in web applications
The idea of using HTTP Parameter Fragmentation (HPF) when calling a web application in order to bypass security filters, particularly WAFs, is not a new one. According to one of the participants of the WASC Mailing List, this technique can occasionally be found among exploits published on milw0rm.com. Nevertheless, this method makes it possible to bypass the filters used in most modern WAFs, including a very effective one, mod_security.

So, what is the essence of this technique? Let us consider it using examples of SQL Injection exploitation. It is often necessary to have two or more user parameters in one SQL query, for example.

At the stage of verifying the parameter values received from the user, a web application can operate only with the variables exposed by the web server, while a WAF (depending on its mode) can operate directly with raw HTTP data. Regardless of how the data is accessed, however, it comes down to applying certain regular expressions (regexps) to each separate parameter.

Thus, if one divides the logic of the SQL query among several parameters that enter this query and then joins the pieces using comments, it becomes possible to bypass the filters described:

    /?a=1+union/*&b=*/select+1,2
    /?a=1+union/*&b=*/select+1,pass/*&c=*/from+users

Here, per-parameter regexps will not trigger. Since comments are ignored, the SQL queries in fact become:

    select * from table where a=1 union select 1,2
    select * from table where a=1 union select 1,pass from users

One can notice that, considering the attack vector, HPF is very similar to HPP (HTTP Parameter Pollution), but in contrast to the latter, HPP is aimed at exploiting a vulnerability in the web application itself, not in the application environment. Of course, both attack methods can supplement each other.
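The per-parameter blind spot described above, as an added example that is not part of the original post or of Positive Technologies' material: a naive filter that runs a constructed UNION/SELECT signature on each decoded parameter separately misses the fragmented requests quoted on this page, while a check that scans the values joined in request order with comments removed, and that flags any parameter whose value opens or closes a comment it does not balance, catches them (the combined HPP+HPF request from the following paragraph is included as a second input).

```python
import re
from urllib.parse import parse_qsl

# Constructed inputs copied from the page's examples, as they would appear in a query string.
HPF_QUERY = "a=1+union/*&b=*/select+1,pass/*&c=*/from+users"
HPF_HPP_QUERY = "a=1+union/*&a=*/select+1,2/*&b=*/,3"
UNFRAGMENTED_QUERY = "a=1+union+select+1,2"
BENIGN_QUERY = "a=1&b=2"

# Deliberately simple signature standing in for a WAF rule: UNION ... SELECT in one string.
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)


def per_param_filter(query: str) -> bool:
    """Model of the filter the page describes: each decoded value is checked on its own."""
    params = parse_qsl(query, keep_blank_values=True)
    return any(UNION_SELECT.search(value) for _, value in params)


def strip_sql_comments(text: str) -> str:
    """Drop /* ... */ comments, mirroring what the SQL engine does before parsing."""
    return re.sub(r"/\*.*?\*/", " ", text, flags=re.S)


def unbalanced_comment_params(query: str) -> list:
    """Names of parameters whose value opens or closes a comment it does not balance.

    A payload split across parameters must leave an open comment in one value and a
    closing one in another, so this is a cheap, signature-free indicator for alerting.
    """
    params = parse_qsl(query, keep_blank_values=True)
    return [name for name, value in params if value.count("/*") != value.count("*/")]


def whole_request_filter(query: str) -> bool:
    """Hardened check: inspect the parameters as the query they will be assembled into.

    Joining all values in request order and removing comments reconstructs the text the
    database would see, so the same signature now matches; the comment-balance check
    independently flags fragmentation even if the signature does not match.
    """
    params = parse_qsl(query, keep_blank_values=True)
    joined = strip_sql_comments(" ".join(value for _, value in params))
    if UNION_SELECT.search(joined):
        return True
    return bool(unbalanced_comment_params(query))
```

The joined scan assumes values are concatenated in request order; a parameter order the application rearranges (or, as with HPP, merges) is still caught by the comment-balance indicator.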
For example, a combination of the two techniques can be used if SQL code is sequentially injected into two SQL queries. Let us assume that output is displayed only if neither query returns a DB error. It then becomes possible to combine the HPP and HPF methods and use union instead of Blind SQL Injection. Here is an example:

    /?a=1+union/*&a=*/select+1,2/*&b=*/,3

The SQL queries take on a correct form:

    select id,user,email from table where a=1 union select 1,2,3
    select id,user from table where a=1 union select 1,2

Sources:
- antichat, http://forum.antichat.ru/showpost.php?p=911841&postcount=2
- antichat, http://forum.antichat.ru/showpost.php?p=970729&postcount=3
- OWASP EU09, Luca Carettoni and Stefano diPaola, http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf
- Lavakumar Kuppan, http://lavakumar.com/Split_and_Join.pdf
- WASC Mailing List, http://www.webappsec.org/lists/websecurity/archive/2009-08/msg00080.html
- CC09, Dmitry Evteev, http://www.ptsecurity.com/download/PT-devteev-CC-WAF-ENG.pdf
- Dmitry Evteev's blog, http://devteev.blogspot.com/2009/09/http-parameter-fragmentation-hpf-web.html