Web Service Hijacking in VMWare WebAccess
Advisory:
Analysis:
Web application developers tend to use reversible hash algorithms like Base64, rot13 for hiding sensitive information in POST data and query string. Scanning this kind of web application with automated tools will be a failure and this kind of vulnerability will not be discovered because current web application scanners are programmed to fuzz.
Check:
Look for all possible encrypted data and their algorithms.
Decrypt data and re-submit with tampered data.
Learn application behavior whether it fullfills your tampered request or not.
Related:
This vulnerability can be logically related to view state tampering of ASP.Net/JSF/JSP where developers mostly store sensitive information in View State data.
Trustwave's SpiderLabs Security Advisory TWSL2010-002
Web Service Hijacking in VMWare WebAccess
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-002.txt
Published: 2010-03-30 Version: 1.0
Analysis:
Web application developers tend to use reversible hash algorithms like Base64, rot13 for hiding sensitive information in POST data and query string. Scanning this kind of web application with automated tools will be a failure and this kind of vulnerability will not be discovered because current web application scanners are programmed to fuzz.
Check:
Look for all possible encrypted data and their algorithms.
Decrypt data and re-submit with tampered data.
Learn application behavior whether it fullfills your tampered request or not.
Related:
This vulnerability can be logically related to view state tampering of ASP.Net/JSF/JSP where developers mostly store sensitive information in View State data.
Comments
Post a Comment