Mar 04

Improve File Uploaders’ Protections – Bypass Methods- Rev. 1.0

Security Articles No Comments »

Some new methods of bypassing file uploaders protections have been discussed. As an example bypassing by using: trailing spaces and dots, “::$data.”, direct Null char, IIS semi-colon  bug, and so on.

Uploading files by using web applications is very common. However, there is always a high risk around this matter. In case of uploading a web-shell file which can be absolutely malicious, an attacker can get the same privilege of access as the web application to the server. In this paper, which is mostly around the Windows-based web applications, some general solutions for protecting against this type of attack have been suggested. Moreover, as a proof of concept, some of the most general protection methods and the way of bypassing them have been discussed.

This article is an educational article to improve the security of the web applications. And, the author of this article (“Soroush Dalili”) does not accept and has no responsibility about the content or usage of this article in any other way. Any other usage of this article except the legal ones is completely prohibited.

Please respect the copyright and mention the name of the author (“Soroush Dalili”) in case of using this article.

Download this article by clicking here. (http://soroush.secproject.com/downloadable/Improve File Uploaders’ Protections.pdf)

 

Tagged with:
Dec 25

Browsers’ Pain: A recursive function!

Security Articles, Security Posts No Comments »

I have written a recursive function by using Javascript “setInterval” function which calls itself. Unfortunately, none of the last version of famous browsers such as Internet Explorer (8), Chrome (3.0.195.38), and Mozilla Firefox (3.5.6) blocks this script. Moreover, it takes more than 50% of my CPU which is Intel Core 2 Dou 2.50 GHz.
And the worst one is Mozilla Firefox which stops working after running this script instead of showing a page to stop the script.
This script is:

<script>
function recursiveFunc(){setInterval(“recursiveFunc()”,1);}
recursiveFunc();
</script>

Just save it as an HTML file, and try to open it with your browsers. You can convert “1” to “0” to get better result in Mozilla Firefox and Chrome.
I reported it to Mozilla Firefox as a bug.
Good luck.

Tagged with:
Dec 05

Google captured my privacy!

Normal Posts, Security Articles 2 Comments »

Google will be the best Firewall and Forensic Tool of the near future!

Google will (or already) know the users’ information!

News:

“Google pushes security with Public DNS” -> So, Google DNS can collect all the websites which is viewed by the users …

“Browsers use Google to detect web forgery -> So, a browser send a request to Google before openning a website for you! …

“The best search engine for all” -> So, Google can collect your keywords! …

“The best public mail service” -> So, Google can collect your emails …

“Google owned Youtube” -> So, Google can collect your videos …

“Google codes” -> So, Google can collect your source codes …

“Google documents” -> So, Google can collect your documents …

“Google photos” -> So, Google can collect your photos …

“Google messenger” -> So, Google can collect the messages …

“Most of the websites use Google web analyzer (tracker)” -> So, Google can track the websites’ information and also their customers! …

“Google Wave” -> So, Google can collect the blogs ,e-mails, instant messaging, FTPs, social networking’s, and so on’s information! …

“Google powerful translators” -> So, Google can understand why you are saying in other languages!

“Searchable images/sounds/videos by text or another object!” -> So, Google can search in users’ collected data …

“Chrome OS” -> So, Google can do anything with your computer …

AND etc (see http://www.google.co.uk/intl/en/options/ and http://www.googlelabs.com/)…

We are waiting for the most powerful shopping centre by Google!

However, we should trust Google in order to have happier and easier life!

Google = No Pain, No Gain!

Best wishes ;)

Soroush

Tagged with:
Nov 29

My belief: 70% of websites are vulnerable

Security Articles, Security Posts No Comments »

When I was searching for a ticket in nationalrail.co.uk website, I suddenly found an XSS and also a SQL Injection vulnerabilities in it.

I reported these two vulns. to its website just for having more security. And, I think these two vulnerabilities are fixed now.

However, I believe that still 70% of webistes are vulnerable against the OWASP TOP 10!

Also, I think you should read “Survey: Majority of Web sites vulnerable” as well.

Cheers,

Soroush

Tagged with:
Nov 29

How to stop hardware key-loggers

Normal Posts, Security Articles 1 Comment »

Nowadays new generations of hardware key-loggers are emerged, and unfortunately attackers are using them intensively to steal the keystrokes of users. These key-loggers are OS independent and are in different shapes. They are even capable of stealing the BIOS password. Most of them look like a convertor for PS/2 and/or USB to PS/2 and/or USB (Fig. 1). Besides, some of them are chipsets which are embedded in the keyboard itself (Fig. 2). And others use electromagnetic features to steal the keystrokes which are put around the wire of the keyboard or work remotely by capturing the frequency spectrum of the keyboard communication[1]. The problem is that these hardware key-loggers have become very cheap and simply available[2]. Moreover, there are some free articles about how to make their circuits[3].

Simple Hardware Keyloggers

Figure 2. Embeded Hardware Keylogger

So, how can we stop it if we could not remove its hardware from our computer or there is a danger of electromagnetic key-logger?

The first and the simplest idea is using an on-screen keyboard and click on it by using a mouse. However in order to get the best result, this on-screen keyboard should be dynamic in order to prevent a hardware key-logger for the mouse itself, which captures the mouse movements and its clicks. Another way is using encryption between the keyboard and its driver. For instance, there is no doubt that by using TPM and having strong encryption methods between keyboard and motherboard (or OS itself), the keyboard can encrypt the keystrokes before sending them to the computer. But, I want to be more initiative. Another idea can be using an optical-dynamic keyboard device which shows a keyboard on your desk or on your palm, and you can touch it in order to press a key (Fig. 3). There is also an application which claims that it can detect a hardware key-logger, but I have not tried it yet and I think it is still possible to hide a hardware key-logger completely from the OS.

Figure 3.

Figure 3.

This text is completely based on my own idea, so please respect the copyright.

[1] http://keznews.com/4985_Researchers_hack_wired_keyboards__hijack_keystrokes

[2] http://www.google.co.uk/products?q=hardware+keylogger

[3] http://derek.chezmarcotte.ca/?page_id=24

.

So, how can we stop it if we could not remove its hardware from our computer or there is a danger of electromagnetic key-logger?

The first and the simplest idea is using an on-screen keyboard and click on it by using a mouse. However in order to get the best result, this on-screen keyboard should be dynamic in order to prevent a hardware key-logger for the mouse itself, which captures the mouse movements and its clicks. Another way is using encryption between the keyboard and its driver. For instance, there is no doubt that by using TPM and having strong encryption methods between keyboard and motherboard (or OS itself), the keyboard can encrypt the keystrokes before sending them to the computer. But, I want to be more initiative. Another idea can be using an optical-dynamic keyboard device which shows a keyboard on your desk or on your palm, and you can touch it in order to press a key (Fig. 3). There is also an application which claims that it can detect a hardware key-logger, but I have not tried it yet and I think it is still possible to hide a hardware key-logger completely from the OS.

This text is completely based on my own idea, so please respect the copyright.

[1] http://keznews.com/4985_Researchers_hack_wired_keyboards__hijack_keystrokes

[2] http://www.google.co.uk/products?q=hardware+keylogger

[3] http://derek.chezmarcotte.ca/?page_id=24

Tagged with:
Previous Entries
preload preload preload