[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] ASHX, ASMX or What?
- To: Nahuel Grisolia <nahuel@xxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] ASHX, ASMX or What?
- From: Christian Sciberras <uuf6429@xxxxxxxxx>
- Date: Fri, 24 Jun 2011 18:37:35 +0200
You shouldn't filter against known files, but do the reverse, you should
filter against known good files.
Oh and the medium you decide to throw this data should have special checks
against execution etc...
On Fri, Jun 24, 2011 at 6:16 PM, Nahuel Grisolia <nahuel@xxxxxxxxxxxxxx>wrote:
> List,
>
> Imagine that you're in front of an """"insecure"""" file upload in the
> context of an IIS6,7 (no ;.jpg :P) and the regex filtering the file is
> like:
>
> [anything].asp[anything] (yeah, my.aspirator.jpg is filtered hehe)
>
> No .aspx, no .asp and no .aspx;jpg even if the server is vulnerable...
>
> So... is there any way to bypass this control? Like uploading a
> malicious Webservice (can we simply upload a Webservice file? I think
> they need to be precomplied first) or something like that?
>
> Thanks a lot!
>
> regards,
> --
> Nahuel Grisolia - C|EH
> Information Security Consultant
> Bonsai Information Security Project Leader
> http://www.bonsai-sec.com/
> (+54-11) 4777-3107
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/