Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:
- A tool to aid penetration testers and web developers with security testing document management applications.
Recently I made a pre-v2 release of the tool, which has received even more feedback than the previous version, and the project just got even more exciting.
During web application security audits, I have come across a couple of situations where my uploaded file just vanished off the server – I am sure many reading this have come across this too. The reason behind this was that an Anti-Virus (AV) application had detected the malicious script and removed it. My future plan for this project is to check the effectiveness of AV filters against the scripts in WBC. Dancho Danchev has gone ahead and made a fantastic start to this!
I have gone ahead and added his research into the WBC table for easy viewing and as a centralised location for AV vendors and other interested parties. The results are certainly not a shocker but definitely an eye opener. WBC has certainly demonstrated what all security researchers already know: this area needs work!
I can really see AV vendors catching a wake-up call in this area, or at least I hope they do. The fun will soon begin to see how we can circumvent their restrictions and help improve some of these products!