problem:
Config is a file where user store sensitive information related to his site but an attacker can download or access this file and decrypt the data to sent to the client( like view state data in page)because there is vulnerability in the asp.net.
Actually the problem is in asp.net cryptographic system which provides hints to the attacker to know the pattern of the original data.and attacker can collect much information to decrypt the rest cipher data with the help of error message and request.
Solution:
Microsoft released a security patches for this u must download and install in your server.
u can also make custom error message for all types of error.
Everytime when an error occurred if u r showning system error message , it might be help to the attacker to know the flaw so please use own custom error message and try to redirect on your error message page when an error occurred.
Don't make a special error page for 400,500 etc. error
if u want to know the vulnerability of config file
type this command on root where your application installed
cscript DetectCustomErrors.vbs
now it will show the vulnerability message with config file if your config file is vulnerable.
to solve this problem just make an error message page
http://www.youtube.com/watch?v=yghiC_U2RaM
Two researcher Thai Duong and Juliano Rizzo demonstrated flaw in a video
In the first step they r showing that how we get key from a DotnetNuke CMS application with the help of POET.and then generate a cookies to login as superuser and same process can be used with any dotnet application.
In the next phase they use Cesar Cerrudo’s Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.
No comments:
Post a Comment