The famous web application set up diagram. Walk through each component, mention their roles. Web client - HTTP connections Firewall - lets in only HTTP requests, and allows only outbound HTTP responses Web server - handles all initial requests Applications - run either on the web server, or on app servers Database - SQL databases, and connection interfaces
Defending against the worst web-based application vulnerabilities of 2010
Date: Monday, 19 April 2010 Time: 3:45pm - 5pm
Founder and Director, Blueinfy; Author, Web 2.0 Security and Web Hacking: Attacks and Defense
Major Overlap in Web Apps Presentation Layer Business Layer Utility Layer Data Access Authentication Communication etc . Runtime, Platform, Operating System Components Server side Components Client side Components (Browser)
Next Generation Architecture HTML / JS / DOM RIA (Flash) Ajax Browser Internet Blog Web 2.0 Start Database Authentication Application Infrastructure Web Services End point Internet Mails News Documents Weather Bank/Trade RSS feeds
We have SQL injection point but it is not throwing any error message out as part of its response. Application is sending customized error page which is not revealing any signature by which we can deduce potential SQL flaw.
Knowing SQL injection point or loophole in web application, xp_cmdshell seems to be working. But we can’t say is it working or not since it doesn’t return any meaningful signature. This is “blind xp_cmdshell”.
Firewall don’t allow outbound traffic so can’t do ftp, tftp, ping etc from the box to the Internet by which you can confirm execution of the command on the target system.
We don’t know the actual path to webroot so can’t copy file to location which can be accessed over HTTP or HTTPS later to confirm the execution of the command.
If we know path to webroot and directory structure but can’t find execute permission on it so can’t copy cmd.exe or any other binary and execute over HTTP/HTTPS.