Wednesday, 24 September 2008

Malicious File Execution

Definition:

Malicious file execution vulnerabilities are found in many applications. Developers will often directly use or concatenate potentially hostile input with file or stream functions, or improperly trust input files.

On many platforms, frameworks allow the use of external object references, such as URLs or file system references. When the data is insufficiently checked, this can lead to arbitrary remote and hostile content being included, processed or invoked by the web server.

This allows attackers to perform:
1. Remote code execution when using runtime.exec()
2. Remote root kit installation and complete system compromise when an attacker can upload backdoors
3. Accessing sensitive files like web.xml that contain configuration properties such as usernames and passwords for back-end databases

Protection:
Preventing remote file include flaws takes some careful planning at the architectural and design phases, through to thorough testing.

In general, a well-written application will not use user-supplied input in any filename for any server-based resource (such as images, XML and XSL transform documents, or script inclusions), and will have firewall rules in place preventing new outbound connections to the Internet or internally back to any other server.

However, many legacy applications will continue to have a need to accept user supplied input.
Among the most important considerations are:

• Use an indirect object reference map. Where a partial filename was once used, consider a hash of the partial reference.

Instead of
<select name="language">

Use
<select name="language">


• Consider using salts to prevent brute forcing of the indirect object reference. Alternatively, just use index values such as 1, 2, 3, and ensure that the array bounds are checked to detect parameter tampering.

• Add firewall rules to prevent web servers from making new connections to external web sites and internal systems. For high value systems, isolate the web server in its own VLAN or private subnet.

• Check that user supplied files or filenames cannot bypass other controls, such as tainting data in the session object, avatars and images, PDF reports, temporary files, and so on.
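The indirect object reference map, the salted hash and the bounds-checked index from the list above, as an added illustration that is not part of the original post. The allow-list of language files, the salt and the helper names are assumptions for the example; the client only ever sees the opaque token or index, and the server-side filename is looked up from it, so a tampered value resolves to nothing rather than to a path.

```python
import hashlib
import hmac
import html

# Constructed allow-list of server-side resources the application may include.
# Only names from this list are ever handed to file or include functions.
ALLOWED_FILES = ["English", "French", "German"]


def token_for(salt: bytes, name: str) -> str:
    """Salted hash of a partial reference (HMAC-SHA256 so the salt
    cannot be brute forced away from the token alone)."""
    return hmac.new(salt, name.encode(), hashlib.sha256).hexdigest()


def build_reference_map(salt: bytes) -> dict:
    """Indirect object reference map: opaque token -> allowed filename."""
    return {token_for(salt, name): name for name in ALLOWED_FILES}


def render_options(ref_map: dict) -> str:
    """Render the <option> elements for the language <select>; the value
    attribute carries the token, never the filename."""
    return "".join(
        f'<option value="{token}">{html.escape(name)}</option>'
        for token, name in ref_map.items()
    )


def resolve_token(ref_map: dict, token: str):
    """Resolve a client-supplied token; anything not in the map is rejected."""
    return ref_map.get(token)


def resolve_index(index_param: str):
    """Alternative scheme: a plain numeric index with array-bounds checking,
    which detects parameter tampering such as negative or out-of-range values."""
    try:
        idx = int(index_param)
    except ValueError:
        return None
    if 0 <= idx < len(ALLOWED_FILES):
        return ALLOWED_FILES[idx]
    return None


if __name__ == "__main__":
    ref_map = build_reference_map(b"constructed-demo-salt")  # use a random per-deployment salt
    print(render_options(ref_map))
    print(resolve_token(ref_map, "../../etc/passwd"))  # None: not in the map
```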

.Net Overview:
Refer to the documentation on partial trust, and design your applications to be segmented by trust, so that most of the application runs in the lowest trust state possible.

For more information check Microsoft’s site.

http://msdn.microsoft.com/en-us/library/ms364059(VS.80).aspx
http://msdn.microsoft.com/en-us/library/3ak841sy(VS.80).aspx
