A video of the POET-tool, used to exploit the ASP.NET padding oracle vulnerability, has been published to show the tool in action. The video shows the steps taken by the tool to compromise the web.config file of the application, which in this example contains the ASP.NET machine keys.
Following the results presented in the Usenix paper by Rizzo and Duong, the tool does not compromise the keys directly, but rather relies on the oracle to create a valid ciphertext which in turn can be used to retrieve the web.config from the application. The machine keys are not completely lost until the web.config is served as a regular file by ASP.NET.
Access to the machine keys enables forging of viewstates — as well as Forms authentication cookies. Apparently, a DotNetNuke cookie can be forged to log the attacker in as a superuser.
What happens after this is not related to the current ASP.NET vulnerability but to a different one: shell access to the machine is obtained through a known attack, carried out by installing a new module in DotNetNuke.
We'll return to the forged DotNetNuke cookie. Why is this possible? Well, yes, the encryption key and signing key for an authentication cookie are both compromised. Still, it's possible to tighten up session security in DotNetNuke. An authentication cookie should be tied to some server-side state. When it's not, like in this demo, the entire authentication procedure can be skipped and rendered useless. Unfortunately, this is a very common setup in ASP.NET applications. In other words, losing your machine keys should not immediately lay open the road to log in to your application as a superuser!
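The difference between a cookie that carries the identity itself and one that only points at server-side state can be shown with a small model. This is an added example, not code from the original post, DotNetNuke or ASP.NET: the cookie format, the key value and all names (`MACHINE_KEY`, `SessionStore`, `stateless_login_check`) are assumptions, and only signing is modelled, since encryption adds nothing once both keys are lost.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the validation key; assume it has leaked via web.config.
MACHINE_KEY = b"constructed-demo-validation-key"

def sign(key: bytes, payload: str) -> str:
    """Return 'payload|hex-mac', a simplified model of a signed auth cookie."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"

def verify(key: bytes, cookie: str):
    """Return the payload if the MAC checks out, else None."""
    payload, _, mac = cookie.rpartition("|")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload if hmac.compare_digest(mac.encode(), expected.encode()) else None

def stateless_login_check(cookie: str):
    """Weak design: trusts whatever user name a validly signed cookie claims."""
    payload = verify(MACHINE_KEY, cookie)
    if payload and payload.startswith("user:"):
        return payload[len("user:"):]
    return None

class SessionStore:
    """Hardened design: the cookie holds only a random id for a server-side record."""

    def __init__(self):
        self._sessions = {}  # session id -> user, written only by a real login

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable and not derived from the key
        self._sessions[sid] = user
        return sign(MACHINE_KEY, f"sid:{sid}")

    def check(self, cookie: str):
        payload = verify(MACHINE_KEY, cookie)
        if not payload or not payload.startswith("sid:"):
            return None
        # The identity comes from the server's record, never from the cookie.
        return self._sessions.get(payload[len("sid:"):])

    def logout(self, cookie: str) -> None:
        payload = verify(MACHINE_KEY, cookie)
        if payload and payload.startswith("sid:"):
            self._sessions.pop(payload[len("sid:"):], None)
```

With the key known, a correctly signed cookie still fails `SessionStore.check` unless it names a session id that a real login created, and logging out invalidates the cookie on the server.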
I'll be blogging more about ASP.NET session management, and the whole "authorization based exclusively on client controlled state" idea. It's an important, though somewhat complicated matter.
Software security blog by André N. Klingsheim, who's learning to love .NET and Microsoft servers.
Disclaimer
Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).
Sep 24, 2010
Copyright notice
© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.