SBDA âsame bug, different appâ - Security Assessment

More documents

Recommendations

Info

Some Historic SBDA Vulnerabilities • Long Web Server Filename /[buffer].htr /[buffer].jsp /[buffer].cfm • Long Web Server Parameter Name /null.ida?[buffer]=x /foo.htr?[buffer]=x • Long Web Server Header Value Content-Type: [buffer] Host: [buffer] • Chunked Encoding IIS -> foo.asp and foo.htr Apache Servers IPlanet Servers SBDA Across Multiple Unrelated Platforms Copyright Security-Assessment.com 2005
SBDA – The Conception • I Wanted To Find A Remote Vulnerability And it was going to affect IIS • Six Months Of My Life Fuzzing, Debugging, Disassembling • Turned Up Zilch, Zip, Nada, Nothing • Take A Step Back As is usual, the answer comes when you stop thinking of the question • The Methodical Approach To Finding Buffer Overflows The theory was to use existing known attack vectors to methodically test IIS components Copyright Security-Assessment.com 2005
Page 1 and 2: SBDA “same bug, different app”
Page 3: SBDA - What It’s Not • Not The
Page 7 and 8: How Can This Be Applied To Research
Page 9 and 10: The SBDA Advantage • Gives Resear
Page 11 and 12: The AV / Archive SBDA (in reverse)
Page 13 and 14: Packet vs File • Both Are Data Bo
Page 15 and 16: Some Common Test Methods • Fuzzin
Page 17 and 18: SDBA Theory In Practice • Some Ex
Page 19 and 20: The Long Value SBDA • Length Valu
Page 21 and 22: The Long Import SBDA • Jan, 2005
Page 23 and 24: The URL Handler SBDA • Mar 09, 20
Page 25 and 26: SBDA To The Test • Quick File Bas
Page 27 and 28: 2 nd Generation Vulnerabilities •
Page 29 and 30: Wrap Up • Same Bug, Different App

SBDA âsame bug, different appâ - Security Assessment

Create successful ePaper yourself

Delete template?

Save as template?

SBDA âsame bug, different appâ - Security Assessment