Category: News

Michael Daw Anthology

michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award.

For those of you curious, anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named, Michael Daw, as well as to host other security related material. As a close friend pointed out to me, the name is very relevant “when pondered upon”. Some believe that the archangel Michael holds the keys to the doors of Heaven.

Use cutting-edge security wizardry, use sci-fi… write a hacking story centered around Michael Daw and be 1 of 6 to stand the chance of winning.

The full details of the competition will be provided soon. We are currently seeking sponsors to donate towards the winnings. For more information please contact us.

Bypassing ASP.NET XSS Filters

This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.

Proof of Concept:

Alert box injection - simply provided for testing purposes
(may cause DoS issues on Internet Explorer)
http://target/vuln-search.aspx?term=</XSS/*-*/STYLE=xss:e/**/xpression
(alert('XSS'))>

ASP.NET will also escape double quotes(“), so although a number .NET servers are vulnerable to this, it is somewhat mitigated by this fact.

ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly.

AVs prove less-effective

Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:

  • A tool to aid penetration testers and web developers with security testing document management applications.

Recently I made a pre-v2 release of the tool, which has received even more feedback then the previous version and the project just got even more exciting.

During web applications security audits, I have come across a couple of situations where my uploaded file just vanished off the server – I am sure many reading this have come across this too. The reason behind this was that an Anti-Virus (AV) application had detected the malicious script and removed it. My future plans for this project is to check the effectiveness of AV filters against the scripts in WBC. Dancho Danchev has gone ahead and made a fantastic start to this!

I have gone ahead and added his research into the WBC table for easy viewing and as a centralised location for AV vendors and other interested parties. The results are certainly not a shocker but definately an eye opener. WBC has certainly demonstrated what all security researchers already know, this area needs work!

I can really see AV vendors catching a wake up call in this area or atleast I hope they do. The fun will soon begin to see how we can circumvent their restrictions and help improve some of these products!

Powered by WordPress & Theme by Anders Norén