
[Full-Disclosure] White Paper: 0x00 vs ASP file upload scripts



We are proud to announce the release of our latest white paper
titled 0x00 vs ASP file upload scripts.

.Abstract.
The effects of the `Poison NULL byte` have not been widely
explored in ASP, but as with other languages the NULL byte
can cause problems when ASP passes data to objects.

Many upload systems written in ASP suffer from a common
problem whereby a NULL byte can be inserted into the filename
parameter leading to any extension, after the null byte,
being ignored when writing the file. 

This means that in some cases it is possible to bypass 
checks for valid extensions, even if one is appended by the 
application. This is very similar to attacks against Perl and 
PHP, the difference being how the null byte is sent to the 
application.

This problem arises when data is compared and validated in ASP 
script but passed to the FileSystemObject without checking for 
NULL bytes.

This document will discuss how ASP upload scripts can be 
affected by the Poison NULL byte attack.

.Download.
This white paper is freely available for download from our website
www.security-assessment.com under the releases->white papers section.

Any feedback or follow up to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com Ltd
www.security-assessment.com 
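
The validation gap described in the abstract, shown as an added example that is not taken from the white paper or from Security-Assessment.com: an extension check done only in script next to one that rejects NULL bytes before the name can reach the FileSystemObject. The function names, the allowed-extension list and the sample filename are assumptions made for illustration; the demo lines at the end assume the file is run with cscript.

```vbscript
Option Explicit

' Weak pattern: only the tail of the string is compared in script.
' A name containing Chr(0) still ends in ".jpg" here, but a component
' that treats the name as NULL-terminated stops reading at Chr(0).
Function WeakIsAllowed(fileName)
    WeakIsAllowed = (LCase(Right(fileName, 4)) = ".jpg")
End Function

' Hardened pattern: refuse NULL bytes outright, allow only a small
' character set, then compare the extension against an allow list.
Function SafeIsAllowed(fileName)
    Const SAFE_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789_-."
    Dim name, i, dotPos, ext
    SafeIsAllowed = False

    If Len(fileName) = 0 Or Len(fileName) > 64 Then Exit Function

    ' Explicit NULL byte check before any other processing.
    If InStr(1, fileName, Chr(0), vbBinaryCompare) > 0 Then Exit Function

    ' Character allow list: also rejects path separators, colons
    ' and control characters.
    name = LCase(fileName)
    For i = 1 To Len(name)
        If InStr(1, SAFE_CHARS, Mid(name, i, 1), vbBinaryCompare) = 0 Then
            Exit Function
        End If
    Next

    ' Exactly one dot, not in first position, and a known extension.
    dotPos = InStrRev(name, ".")
    If dotPos < 2 Or InStr(1, name, ".") <> dotPos Then Exit Function
    ext = Mid(name, dotPos + 1)
    If ext = "jpg" Or ext = "gif" Or ext = "png" Then SafeIsAllowed = True
End Function

' Constructed test value: a script extension, a NULL byte, then ".jpg".
Dim sample
sample = "report.asp" & Chr(0) & ".jpg"

WScript.Echo "weak check accepts sample:     " & WeakIsAllowed(sample)
WScript.Echo "hardened check accepts sample: " & SafeIsAllowed(sample)
WScript.Echo "hardened check, plain name:    " & SafeIsAllowed("photo_01.jpg")
```

The same check belongs immediately before any call that hands the name to the FileSystemObject, including when the application appends the extension itself.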


