lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1099433954.10524.264.camel@bobby.exaprobe.com>
Date: Tue, 02 Nov 2004 23:19:14 +0100
From: Nicolas Gregoire <ngregoire@...probe.com>
To: bugtraq@...urityfocus.com
Subject: Re: New Whitepaper - "Second-order Code Injection Attacks"


Le lun 01/11/2004 à 18:36, Gunter Ollmann a écrit :

> NGS Software is pleased to make available a new whitepaper about
> second-order code injection attacks.

Class 3 attacks are often met in large corporations where the Web is the
standard way (for both internal employées and "clients") to interact
with the corporate data.

I've seen some webapps audits where :
- malicous data can be inserted via the main corporate website by
anybody with a valid email
- the main processing is done deep in the internal network, through the
Intranet 
- the Intranet *must* (corporate policy) be configured as Fully Trusted
in Internet Explorer, allowing the attacker to use, for example,
unsigned ActiveX to hack internal machines.

Not sanitizing input is bad, but storing it for later processing with
different privileges is much worse ...

-- 
Nicolas Gregoire ----- Consultant en Sécurité des Systèmes d'Information
ngregoire@...probe.com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F  FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ