1. Security Misconfiguration
Security misconfiguration can occur at any level of an application stack, including the platform, web server, application server, database, framework, and custom code.
Developers and system administrators need to work together to ensure the entire stack is configured properly. Automated scanners can be used to detect missing patches, misconfigurations, use of default accounts, unnecessary services, and so on.
2. Attack cases
Case #: The application server's administrator console was installed automatically and never removed, and the default account was not changed. The attacker discovers the standard administrator page on your server, logs in with the default password, and takes over your server.
Case #: Directory listing is not disabled on your server. The attacker discovers that by simply listing directories she can find any file on your server. She finds and downloads all of the compiled Java classes, decompiles them to recover all of your custom code, and then finds a serious access control flaw in your application.
Case #: The application server configuration allows stack traces to be returned to users, exposing potential vulnerabilities. Attackers are keen to collect the additional information such error messages provide.
Case #: The application server ships with sample applications that were not removed from your production server. The sample application has a known security vulnerability that an attacker could exploit to compromise your server.
3. Demo
IIS write permission:
(1) Open the IISPutScanner.exe application to scan the server: enter StartIP 192.168.1.119 and EndIP 192.168.1.119 (a whole network segment can also be set) and click Scan. The result shows PUT as yes and the server type as IIS, which indicates that an IIS write permission vulnerability may exist.
(2) Use the IISWrite.exe application to exploit the IIS write permission vulnerability and upload a one-line trojan (webshell).
1. Upload the file 22.txt using PUT. First check whether the target site already has a test.txt file; the request shows an error, meaning there is no test.txt, so the request can be made. The file name is 22.txt and the domain name is 192.168.1.119; click Submit Packet. Accessing 192.168.1.119/test.txt again now displays the uploaded content, indicating that the upload succeeded.
2. Copy the data with the destination file name shell.asp and click Submit Data. Accessing http://192.168.1.119/shell.asp in a browser succeeds with no error, indicating that the copy succeeded.
3. Open China Chopper, right-click and choose Add, enter the address http://192.168.1.119/shell.asp and the password chopper, and click Add. Double-click to open the connection; the server's directory is shown, including the uploaded shell.asp and test.txt files.
4. Demo: fixing the vulnerability
1. First click the web server node, click Disable, and click Yes to turn off WebDAV.
2. Click the plus icon next to the network node, select Default Web Site, open Properties, click the Home Directory tab, uncheck Write, click Apply, then click OK.
3. Rescanning now shows PUT uploads as no, meaning files can no longer be uploaded. Testing with IISWrite, a PUT with Submit Packet returns a 501 error message and the upload fails, indicating that the vulnerability has been fixed.
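The upload sequence in the demo (a PUT of a text file, a copy to an .asp name, then requests to the new script) also leaves a trace in the server's W3C logs, so a defender can check for it after the fact as well as after the fix. The following Python script is an added example, not code from the original post: it parses constructed sample IIS log lines (not a real capture; the field order is the standard W3C header) and flags WebDAV write methods plus any client that followed a successful write with a request to a server-side script.

```python
# Added example (not from the original post): flag WebDAV write methods in IIS
# W3C logs, and clients that followed a successful write with a request to a
# server-side script (the PUT -> copy to .asp -> connect sequence in the demo).
WRITE_METHODS = {"PUT", "MOVE", "COPY", "DELETE", "MKCOL", "PROPPATCH"}
SCRIPT_EXTENSIONS = (".asp", ".aspx", ".asa")

# Constructed sample log lines, not a real capture; fields follow the header.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2024-01-01 10:00:01 192.168.1.119 GET /index.html - 80 - 192.168.1.50 - 200 0 0
2024-01-01 10:00:05 192.168.1.119 PUT /test.txt - 80 - 192.168.1.50 - 201 0 0
2024-01-01 10:00:09 192.168.1.119 MOVE /test.txt - 80 - 192.168.1.50 - 201 0 0
2024-01-01 10:00:20 192.168.1.119 POST /shell.asp - 80 - 192.168.1.50 - 200 0 0
2024-01-01 10:05:00 192.168.1.119 PUT /notes.txt - 80 - 192.168.1.77 - 501 0 0
"""

def parse_iis_log(text):
    """Turn W3C log text into dicts keyed by the names in the #Fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields is not None and len(parts) == len(fields):  # skip malformed rows
                rows.append(dict(zip(fields, parts)))
    return rows

def find_webdav_writes(rows):
    """Every write-method request; 'succeeded' means the server answered 2xx."""
    hits = []
    for r in rows:
        if r["cs-method"].upper() in WRITE_METHODS:
            status = int(r["sc-status"])
            hits.append({"client": r["c-ip"], "method": r["cs-method"].upper(),
                         "uri": r["cs-uri-stem"], "status": status,
                         "succeeded": 200 <= status < 300})
    return hits

def suspicious_clients(rows):
    """Client IP -> script URIs it requested after one of its writes succeeded.
    IIS does not log the MOVE/COPY Destination header, so the later request
    to the script is the observable that ties the steps together."""
    wrote, flagged = set(), {}
    for r in rows:  # rows are already in time order
        method, status = r["cs-method"].upper(), int(r["sc-status"])
        if method in WRITE_METHODS and 200 <= status < 300:
            wrote.add(r["c-ip"])
        elif r["c-ip"] in wrote and r["cs-uri-stem"].lower().endswith(SCRIPT_EXTENSIONS):
            flagged.setdefault(r["c-ip"], []).append(r["cs-uri-stem"])
    return flagged
```

The 501 on the last sample line is what the fixed server returns for PUT, so a log full of rejected writes is expected noise after remediation; the successful 2xx writes followed by a script request are the rows worth investigating.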
owasp-a5-Security Configuration Error