White Paper: 0x00 vs ASP file upload scripts

From: Brett Moore (brett.moore_at_security-assessment.com)
Date: 07/13/04

  • Next message: Paul Szabo: "RE: Unchecked buffer in mstask.dll"
    To: "Bugtraq@Securityfocus. Com" <bugtraq@securityfocus.com>
    Date: Tue, 13 Jul 2004 14:52:15 +1200
    
    

    We are proud to announce the release of our latest white paper
    titled 0x00 vs ASP file upload scripts.

    .Abstract.
    The affects of the `Poison NULL byte` have not been widely
    explored in ASP, but as with other languages the NULL byte
    can cause problems when ASP passes data to objects.

    Many upload systems written in ASP suffer from a common
    problem whereby a NULL byte can be inserted into the filename
    parameter leading to any extension, after the null byte,
    being ignored when writing the file.

    This means that in some cases it is possible to bypass
    checks for valid extensions, even if one is appended by the
    application. This is very similar to attacks against perl and
    PHP, the difference being how the null byte is sent to the
    application.

    This problem arises when data is compared and validated in ASP
    script but passed to the FileSystemObject without checking for
    NULL bytes.

    This document will discuss how ASP upload scripts can be
    affected by the Poison NULL byte attack.

    .Download.
    This white paper is freely available for download from our website
    www.security-assessment.com under the releases->white papers section.

    Any feedback or follow up to this is most welcome,

    Regards

    Brett Moore
    Network Intrusion Specialist, CTO
    Security-Assessment.com Ltd
    www.security-assessment.com

    ######################################################################
    CONFIDENTIALITY NOTICE:

    This message and any attachment(s) are confidential and proprietary.
    They may also be privileged or otherwise protected from disclosure. If
    you are not the intended recipient, advise the sender and delete this
    message and any attachment from your system. If you are not the
    intended recipient, you are not authorised to use or copy this message
    or attachment or disclose the contents to any other person. Views
    expressed are not necessarily endorsed by Security-Assessment.com
    Limited. Please note that this communication does not designate an
    information system for the purposes of the New Zealand Electronic
    Transactions Act 2003.
    ######################################################################


  • Next message: Paul Szabo: "RE: Unchecked buffer in mstask.dll"

    Relevant Pages

    • White Paper: 0x00 vs ASP file upload scripts
      ... titled 0x00 vs ASP file upload scripts. ... The affects of the `Poison NULL byte` have not been widely ... This document will discuss how ASP upload scripts can be ... This white paper is freely available for download from our website ...
      (Vuln-Dev)
    • [Full-Disclosure] White Paper: 0x00 vs ASP file upload scripts
      ... titled 0x00 vs ASP file upload scripts. ... The affects of the `Poison NULL byte` have not been widely ... This document will discuss how ASP upload scripts can be ... This white paper is freely available for download from our website ...
      (Full-Disclosure)
    • Re: Form results saved to a database and sent by Email
      ... > folder, ... > details to Other - ASP, ... > Microsoft MVP ... >>> white paper by Microsoft on this in FP2002 and can't seem to get it ...
      (microsoft.public.frontpage.programming)
    • Re: Form results saved to a database and sent by Email
      ... There is not a database in sight. ... You need to write an asp form handler following the guidelines in the ... Microsoft MVP ... >> white paper by Microsoft on this in FP2002 and can't seem to get it ...
      (microsoft.public.frontpage.programming)