BugTraq
New Whitepaper - "Second-order Code Injection Attacks" Nov 01 2004 05:36PM
Gunter Ollmann (gunter ngssoftware com) (2 replies)
Re: New Whitepaper - "Second-order Code Injection Attacks" Nov 02 2004 10:19PM
Nicolas Gregoire (ngregoire exaprobe com)
On Mon 01/11/2004 at 18:36, Gunter Ollmann wrote:

> NGS Software is pleased to make available a new whitepaper about
> second-order code injection attacks.

Class 3 attacks are often met in large corporations where the Web is the
standard way (for both internal employees and "clients") to interact
with the corporate data.

I've seen some webapp audits where:
- malicious data can be inserted via the main corporate website by
anybody with a valid email
- the main processing is done deep in the internal network, through the
Intranet
- the Intranet *must* (corporate policy) be configured as Fully Trusted
in Internet Explorer, allowing the attacker to use, for example,
unsigned ActiveX to hack internal machines.

Not sanitizing input is bad, but storing it for later processing with
different privileges is much worse ...

--
Nicolas Gregoire ----- Information Systems Security Consultant
ngregoire (at) exaprobe (dot) com ------[ ExaProbe ]------ http://www.exaprobe.com/
PGP KeyID:CA61B44F FingerPrint:1CC647FF1A55664BA2D2AFDACA6A21DACA61B44F

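Added example, not part of the original post or of the whitepaper: the store-then-render path described in the message above, with the intranet page's unescaped output beside a version that encodes stored data at the point of use. The table layout, function names and sample comment are assumptions made for illustration.

```python
import html
import sqlite3

# Constructed sample: a comment anyone with a valid email could submit publicly.
SAMPLE_COMMENT = '<object classid="clsid:EXAMPLE"></object>Please call me back'


def open_store():
    """In-memory stand-in for the database shared by both tiers (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE requests (id INTEGER PRIMARY KEY, email TEXT, comment TEXT)")
    return db


def public_submit(db, email, comment):
    """Public tier: the parameterized insert blocks first-order SQL injection,
    but the markup is stored exactly as received."""
    cur = db.execute("INSERT INTO requests (email, comment) VALUES (?, ?)", (email, comment))
    db.commit()
    return cur.lastrowid


def _load(db, req_id):
    return db.execute("SELECT email, comment FROM requests WHERE id = ?", (req_id,)).fetchone()


def intranet_render_unsafe(db, req_id):
    """Intranet tier, 'before': stored data is trusted because it comes from the
    internal database, so the markup reaches a browser in the trusted zone."""
    email, comment = _load(db, req_id)
    return f"<tr><td>{email}</td><td>{comment}</td></tr>"


def intranet_render(db, req_id):
    """Intranet tier, 'after': stored data is treated as untrusted and is
    HTML-encoded where it is used, whatever the public tier did on input."""
    email, comment = _load(db, req_id)
    return "<tr><td>{}</td><td>{}</td></tr>".format(html.escape(email), html.escape(comment))


if __name__ == "__main__":
    db = open_store()
    rid = public_submit(db, "visitor@example.com", SAMPLE_COMMENT)
    print("unsafe:", intranet_render_unsafe(db, rid))
    print("safe:  ", intranet_render(db, rid))
```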
Re: New Whitepaper - "Second-order Code Injection Attacks" Nov 02 2004 01:45AM
Crispin Cowan (crispin immunix com) (1 replies)
Re: New Whitepaper - "Second-order Code Injection Attacks" Nov 02 2004 08:43PM
Jeff Williams (jeff williams aspectsecurity com)