<< January 11, 2010 | Home | January 13, 2010 >>

About

Welcome to Ivan Buetler's Blog!

RSS | Atom | E-mail

Navigate

Categories | Tags | Advanced Search

Tags

Recent Blog Entries

Compass Event 2010 - Countdown
Hi all, Have you ever organized a Sec Conference? Since 11 years, I try to fix everything for the event some days in advance. But look at the time of this post - some hours only in advance and everything seems to be prepared for the annual Compass Event ...
Compass Security Artikel in NZZ
In der Online- und Print Ausgabe der NZZ vom 7. September 2010 wird die Compass Security als Ethical Hacking und Penetration Testing Company erklärt. Frau Yoker hat uns während rund 2 Stunden besucht und diverse Fragen rund um das Thema IT ...
Nicolas Seriot (BH Speaker) at Compass Event 2010
Apple's AppStore moves the burden of security management from the user to the vendor by semi automatically verifying each of the 200 000 applications and their updates. Moreover, when an application is downloaded on the iPhone, a sandboxing ...
Covert Channel Attack - SANS Reading
APT (advanced persistent threat) and other cyber crime communities are using the so-called INSIDE-OUT or COVERT CHANNEL attack vector for their investigations. It is the most promising approach for getting long-term access into every company world-wide. ...
New Hacking-Lab LiveCD 4.3 available
Dear Blog reader, We are proud to release the next version of our Hacking-Lab LiveCD. The Ubuntu based LiveCD comes as VirtualBox appliance or simple ISO image and implements a standardized client for Hacking-Lab Remote, our remote security lab. ...
Compass Event 2010
Hallo, Gerne möchten wir Sie auf den kommenden Compass Event 2010 vom 9.September 2010 aufmerksam machen. Wir haben interessante Themen für Sie vorbereitet mit verschiedenen Schwerpunkten zu folgenden Security Themen: * iPhone Hacking ...
Facebook Username Enumeration - 150 MB File
Es gibt bei Web Anwendungen das Security Problem "Username Enumeration". Oftmals wird das Problem etwas belächelt, weil die Identifikation von gültigen Username nicht so tragisch dargestellt wird. Doch wie verhält es sich bei ...
Malware Analysis durch Visuelle Effekte
Die Analyse von Malware ist traditionell in die statische und dynamische Untersuchung unterteilt. Bei der statischen Analyse versucht man den Inhalt der ausführbaren Datei ohne eine Ausführung zu beurteilen. Bei der dynamischen Analyse ...
Pre-Announcement - Swiss Cyber Storm 3
Dear Blog Reader, Back from holiday, I am proud to inform about the progress of Swiss Cyber Storm 3, the leading edge Swiss Security Conference in May 2011! For the third time and past success we have been having, the next Swiss Cyber Storm 3 Conference ...
OWASP Guide Online
Ever wanted to know how to defeat web hacking attacks - what to do with the identified OWASP TOP 10 vulnerabilities? I really much appreciate the OWASP TOP 10 papers, but when it comes to mitigation and remediation, everything is deeply hidden somewhere. ...

Second Order Injection - Terminal Breakout

What is Second Order Injection? In some cases the attackers are able to store their malicious code into a storage area of a web application that may be executed at later time or date. Some smart "hackers" change the Browsers "User Agent" into a Cross Site Scripting pattern and when the log is analyzed at later time, a successful cross site scripting exploitation could be executed.

This is all known - but one could insert special characters that have a special meaning in your shell (bash/csh/ksh/..) to exploit a "grep" or "tail" command once the log is analyzed manually with a terminal.

The authors name it as "log escape sequence injection". A large list of web application servers are vulnerable! (not Apache)

Please review the alert message from the authors.

Have a safe day

Ivan

Add a comment is disabled

Posted by Ivan Buetler on January 12, 2010 8:28:00 AM CET #

January 2010
Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31
Dec \| Today \| Feb

2010 September (2) August (7) July (1) June (3) May (5) April (5) March (4) February (4) January (6)	2009 December (5) November (7) October (7) September (10) August (7) July (3) June (7) May (9) April (6) March (7) February (6) January (8)
2008 December (3) November (8) October (24) September (10) August (6) July (4) June (20) May (18) April (16)