.NET Framework is still extremely popular. It powers thousands of various applications, including the ones heavily utilized in huge enterprises. Both the .NET Framework (and applications based on it) have been researched for many years, and at some point, we could think that we have already discovered all the major attack surfaces.
What if I told you that its HTTP client proxies are fundamentally broken? As their name and documentation suggest, their role is to access HTTP-based services. However, they can be abused to access the filesystem and achieve Arbitrary File Write, depending on how the client is being used.
This presentation details how I discovered the Invalid Cast vulnerability in .NET Framework HTTP client proxies. I will start with the initial discovery of the root cause. Then, I will walk the audience through all the technical aspects related to the vulnerability (together with the main exploitation vectors). It is usually abusable through SOAP clients, especially if they are dynamically created from the attacker-controlled WSDL. I will cover multiple ways to weaponize the WSDL files, which may lead to Remote Code Execution through webshell upload. I will also present the vulnerable code patterns.
The presentation will also cover my efforts to encourage Microsoft to fix this vulnerability in .NET Framework. They were not cooperative, even though the vulnerability affects multiple Microsoft codebases, including: PowerShell, SharePoint, SQL Server Integration Services and some developer tools.
I will end this talk with getting shells on popular enterprise-level products. You should expect hundreds of various applications and tools to be vulnerable to this attack vector, which likely will be discovered over the incoming years.
By: Piotr Bazydlo | Principal Vulnerability Researcher at watchTowr, watchTowr
https://ift.tt/Cg98rfo
source https://www.youtube.com/watch?v=WbsHlAyGTQA
Subscribe to:
Post Comments (Atom)
-
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies S...
-
WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third global...
No comments:
Post a Comment