Jump to content
denjacker

Http Parameter Contamination

Recommended Posts

Posted

Ivan Markovic has recently published the results of his research on the development of attack Http Parameter Pollution. A new attack called Http Parameter Contamination (HPC). The essence of this attack consists in the fact that the various platforms and applications are handled differently obviously incorrect parameters. This is illustrated in the following table:

HPC.png

Attack of the HPC, like HPP, can be used to bypass various filters, security restrictions and regulations Site Web Application Firewall. In particular, the researcher gives the following examples of bending rules Mod_Security:

Example 1 (Apache / php):

Forbidden: http://localhost/?xp_cmdshell'>http://localhost/?xp_cmdshell

Bypassed ([=> _): http://localhost/?xp [cmdshell

Example 2 (IIS / ASP):

Forbidden: http://192.168.2.105/test.asp?file=../bla.txt

Bypassed (.%. => ..): Http://192.168.2.105/test.asp?file =.%./ bla.txt

The full results of the survey by visiting:

http://www.exploit-db.com/download_pdf/17534

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...