| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Nov 2004 23:19:14 +0100 From: Nicolas Gregoire <ngregoire@...probe.com> To: bugtraq@...urityfocus.com Subject: Re: New Whitepaper - "Second-order Code Injection Attacks" Le lun 01/11/2004 à 18:36, Gunter Ollmann a écrit : > NGS Software is pleased to make available a new whitepaper about > second-order code injection attacks. Class 3 attacks are often met in large corporations where the Web is the standard way (for both internal employées and "clients") to interact with the corporate data. I've seen some webapps audits where : - malicous data can be inserted via the main corporate website by anybody with a valid email - the main processing is done deep in the internal network, through the Intranet - the Intranet *must* (corporate policy) be configured as Fully Trusted in Internet Explorer, allowing the attacker to use, for example, unsigned ActiveX to hack internal machines. Not sanitizing input is bad, but storing it for later processing with different privileges is much worse ... -- Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information ngregoire@...probe.com ------[ ExaProbe ]------ http://www.exaprobe.com/ PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F
Powered by blists - more mailing lists