Check asp.net security vulnerabilities and Countermeasures

Source: Internet
Author: User
The NTBugtraq mailing list first reported a security bug in .NET Forms authentication that applies to ASP.NET 1.0 (RTM, SP1, SP2, SP3) and ASP.NET 1.1 (RTM, SP1).



When Forms authentication is used, an anonymous user who tries to access a protected page such as http://localhost/WebApplication2/secret.aspx is redirected to the login page, for example http://localhost/WebApplication2/login.aspx?ReturnUrl=%2fwebapplication2%2fsecret.aspx.



But with Mozilla, an anonymous user can reach the protected page without authenticating by requesting http://localhost/webapplication2\secret.aspx; in IE the same effect is achieved by writing the backslash as %5C: http://localhost/webapplication2%5csecret.aspx



On October 5, Microsoft published the web page "What You Should Know About a Reported Vulnerability in Microsoft ASP.NET", which gives countermeasures for this vulnerability. The current response is mainly to add a check in Application_BeginRequest, in Global.asax or its code-behind, as described in KB887459:



    // Reject any request whose virtual path contains a backslash (Request.Path is
    // already URL-decoded, so %5c arrives here as '\'), or whose physical path is
    // not already in canonical form.
    if (Request.Path.IndexOf('\\') >= 0 ||
        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
    {
        throw new HttpException(404, "not found");
    }

Clearly every application needs such a check to close this vulnerability. Microsoft will also provide other countermeasures; watch the "What You Should Know About a Reported Vulnerability in Microsoft ASP.NET" web page for updates.
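As an added example (not code from this post or from Microsoft), the same canonicalization check packaged as an IHttpModule, so that it can be registered once in machine.config for every application instead of being pasted into each Global.asax. The class name PathValidationModule, the assembly name in the registration comment and the IsCanonical helper are my own choices; the logic is the KB887459 check above.

```csharp
using System;
using System.IO;
using System.Web;

// Added example, written for ASP.NET 1.0/1.1 (no generics or later APIs).
// Register it in machine.config (or a web.config) under <system.web>:
//   <httpModules>
//     <add name="PathValidation"
//          type="PathValidationModule, PathValidationAssembly" />   <!-- assembly name is a placeholder -->
//   </httpModules>
public class PathValidationModule : IHttpModule
{
    public void Init(HttpApplication application)
    {
        // BeginRequest fires before URL authorization and Forms authentication,
        // so a non-canonical path is rejected before any access decision is made.
        application.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose()
    {
    }

    private void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;

        if (!IsCanonical(request.Path, request.PhysicalPath))
        {
            // Same response as the Global.asax version: plain 404, no detail leaked.
            throw new HttpException(404, "Not Found");
        }
    }

    // Request.Path is URL-decoded, so both a literal "\" (Mozilla) and an encoded
    // "%5c" (IE) reach this method as a backslash and are caught by the first test.
    // The second test rejects any physical path the file system would rewrite
    // (for example "." or ".." segments), which the authorization module's string
    // comparison against the protected location would otherwise miss.
    public static bool IsCanonical(string virtualPath, string physicalPath)
    {
        if (virtualPath.IndexOf('\\') >= 0)
        {
            return false;
        }
        return Path.GetFullPath(physicalPath) == physicalPath;
    }
}
```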



ASP.NET 2.0 Beta 1 returns a 404 error for such a request and does not have this vulnerability.



The post is provided "as is" and there is no warranty and no rights granted.

Posted on Thursday, October, 1:53 AM

Comments
# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 8:49 AM Tommywoo
http://localhost/WebApplication2%5Csecret.aspx


I've tried it, no luck. Is it an IE version problem?

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 9:40 AM R2
Oh, what a terrible thing! I'm glad I used Beta1.

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 9:43 AM R2
Is Microsoft's Forms authentication really this vulnerable??

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 10:09 AM Wonge
This error does not occur under Windows 2003: http://localhost/WebApplication2%5Csecret.aspx?

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 10:12 AM Sun Zhenbo
I am using XP SP2 with its bundled IE6, and I verified it.
According to the "What You Should Know About a Reported Vulnerability in Microsoft ASP.NET" web page, Windows Server 2003 also has this problem. This is an ASP.NET bug rather than an OS bug.

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 10:44 AM lostinet
A terrible hole ~~~~
The fix can be a simple IHttpModule registered in the GAC and in machine.config.


# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 1:21 PM Flashtoy
I tried it using that method.
Scared me half to death!
http://www.creva.org.cn/creva/orgshow.aspx

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 6:19 PM Tommywoo
To the friend above: I figured it out.


Because we use IE, to use this hole in IE we have to write %5c in place of the symbol ...

Both of us verified it on a first-level subdirectory of the root directory, like yours, with http://www.creva.org.cn%5Ccreva/orgshow.aspx.

Obviously there is a problem here: what is the domain name? Here the domain name appears as "www.creva.org.cn%5Ccreva" instead of the actual domain name "www.creva.org.cn".

I think the problem is here: the example uses a subdirectory under the virtual directory, so that is where the vulnerability shows up.

You can try it in Mozilla with the symbol.

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 6:25 PM Blue Space
There's a problem, fix it.

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 6:38 PM libber
Why can't I reproduce it? .NET Framework 1.1 SP1

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 8:28 PM kwklover
I tested it too, no problem.
We can test this website


# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/7/2004 8:33 PM erictang2003
I could not reproduce it; with IE6 and Firefox 1.0 it did not come out.
But I changed the code anyway, just in case.

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/8/2004 12:10 AM Xiaoheng
Test, no problem found!!!!

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/8/2004 9:09 AM gigabyte
This can be added to Global.asax to fix it:

    void Application_BeginRequest(object source, EventArgs e)
    {
        // Reject a backslash in the decoded virtual path, or a physical path
        // that is not already canonical.
        if (Request.Path.IndexOf('\\') >= 0 ||
            System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath)
        {
            throw new HttpException(404, "not found");
        }
    }

Here is Microsoft's explanation:
http://www.kbalertz.com/kb_887459.aspx

# Re:ASP.NET Form Authentication security Vulnerabilities and Countermeasures 10/8/2004 1:14 PM Michael Lee
God! What news!!!

That such a problem could come out. There was also the earlier GDI+ bug; it is astonishing.


