Legacy code and deserialization
Posted inWeb Security

Insecure Deserialization in .NET: Risk and Fixing Legacy Code

Introduction

We have discussed in the previous post regarding the introduction, basically Insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization—particularly with unsafe serializers like .NET’s BinaryFormatter—can open the door to severe vulnerabilities, including remote code execution (RCE).

This blog post will unpack the risks associated with insecure deserialization, illustrate real-world vulnerable patterns, and explore multiple remediation strategies. We’ll focus especially on the dangers of the legacy BinaryFormatter class and how developers can safely move away from it.

Insecure Deserialization: A Silent Killer in Modern Applications
Posted inWeb Security

Insecure Deserialization: A Silent Killer in Modern Applications

In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve deep into the intricacies of insecure deserialization, uncover its potential threats. I will also demonstrate practical examples in PHP, Java, and Python.

What is serialization

Serialization is the process of converting complex data structures, such as objects and their fields, into a “flatter” format that can be sent and received as a sequential stream of bytes. Serializing data makes it much simpler to:

  • Write complex data to inter-process memory, a file, or a database
  • Send complex data, for example, over a network, between different components of an application, or in an API call

Crucially, when serializing an object, its state is also persisted. In other words, the object’s attributes are preserved, along with their assigned values.

Appsec Automation : Why we need this hot cake
Posted inWeb Security

Appsec Automation : Why we need this hot cake

Hello guys !! Hope all good at your side of the screen. Today we will discuss about the topic which everybody is talking about. I am sure we all have a same answer if someone asks how we will if our all tasks will get automated and we can sit back and relax. A big Yes, right ? But yeah, we need lots of effort and money to complete that part. Application security automation is no different from this. Appsec automation has gathered all the limelight and has a tremendous exposure since past a year or so.

What is Appsec Automation

In today’s fast-paced digital landscape, the importance of robust application security (AppSec) cannot be overstated. With cyber threats growing in sophistication and frequency, organizations must prioritise the protection of their applications and data. Enter AppSec automation – a game-changing approach to security that promises to streamline processes, enhance efficiency, and bolster defenses against evolving threats.

Posted inWeb Security

Advanced Exploitation with Sqlmap

We have learnt the basic exploitation of Sql Injection with the help of Sqlmap in our previous posts. But there is always a step further. In this post we will see most advanced exploitation with Sqlmap.

Once again 3 cheers to Kunal for helping me out for this post.

In our first post of Sqlmap, we have explained few basic options of Sqlmap. We will see some more.

Advanced Exploitation with Sqlmap

Whenever I meet people and talk about any vulnerability, my first and final ask remains the same what is most extreme thing we can do by exploiting that vulnerability. In the case of SQL Injection most of my peers don’t discuss beyond downloading or altering the database. Although we can go beyond it and take the control of the application completely with the help of shell. we can run the os-commands, upload a file, read an existing file and what not.

Posted inWeb Security

Form based SQL Injection with Sqlmap

In previous post we have seen the basic tutorial of Sqlmap and the exploitation.

The exploitation was about the GET request or where the vulnerable parameter is passing in the URL. There is another aspect of Sql Injection where it happens in form based submissions. In more technical terms a POST request where the certain parameters are being sent to server. In this post we will exploit form based SQL Injection with Sqlmap.

This post could have been delayed without the help of Kunal Pachauri, so just a shoutout for him before I start this post.

Posted inWeb Security

Sqlmap tutorial for beginners – hacking with sql injection

As I discussed in my previous post that we can exploit Union Based SQL Injection with the help of manual SQL queries. now we will do the same exercise with a Python based tool SQLMAP.

Note:- This tutorial is being carried out on demo test site provided by ACUNETIX, You can also try on the same website.

Sqlmap

Sqlmap is arguably the most popular and powerful sql injection automation tool available and it is completely open-source. All it needs is the vulnerable URL in case of get request or a text file in case we want to perform it on a post request.

Sqlmap can exploit the application’s database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc. It can even read and write files on the remote file system under certain conditions.

Posted inWeb Security

Install Sqlmap on Windows

Sqlmap is arguably the most popular tool for exploitation of sql injection vulnerability and database takeover. It is completely automated and customization depending upon the server or database configurations. This tool provides wide ranges of flags which can be used to trigger an attack in an effective manner. It is completely open-source in terms of license. Its written in python. Now as I am going to discuss more and more about sqlmap it’s usage and tutorials in my forthcoming blogs so we need to know how to install and start sqlmap for further uses.

If you use Kali, Backtrack or any such VM then it comes as a package.

This post is a brief guide to setup and run sqlmap on windows. I am installing on Windows 10 machines but it works fine on any windows flavor, we just need python to support it.

Posted inOperating System Web Security

OS Command Injection : Simple yet effective

What is OS Command Injection

OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component.
So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access to the operating system. Also, if the application is running with higher privilege, it may allow an attacker to specify commands that may not be available otherwise.

Running OS commands is very useful functionality but it can equally trigger a vulnerability if not used correctly.

Types of OS Command Injection

There are two sub-types of command Injection.

  • An application executes a fixed program that is under its control and accepts external input as arguments to that program. e.g. the application may run system(“nslookup [HOSTNAME]”) to run nslookup and allow the user to supply a HOSTNAME, which is actually an argument.
    Interestingly, if the program does not remove separators from the externally supplied HOSTNAME argument, the attacker could place separators inside the argument and execute his own command.
  • The application uses input to select which program to run and what commands to use. The application sanitizes the input and then simply redirects the entire command to the operating system.
Posted inWeb Security

Back Refresh Attack Vulnerability on QualysGuard- Your browser’s back button can do more than you think !!

Hello Guys !! Hope the new year started good for you all. Continuing my previous statement of sometimes functionality leads to vulnerability..”, I am gonna start discussing this another feature of the browser which can lead to leaking sensitive information like your passwords and sometimes even you complete Credit Card details. Definitely there are scenarios and certain dependencies which we will go through in later in the post.

What Actually this vulnerability is !!

As you have already noticed the back and forward buttons of the browsers. These buttons simply navigate you to through the pages you have visited during your browsing history. So definitely browsers have the ability to maintain a recent record of pages that a users visits during the session. The back and forward button on browsers use this functionality to display the pages recently browsed.

In addition browsers also keep track of variables that were sent to server(Even by a POST Request) while you fetched any page.

These attractive feature enhances the user experience definitely but can be very harmful if the applications doesn’t handle it properly.

Posted inWeb Security

CSV Macro Injection

CSV Macro Injection : It’s rather a trick to abuse the functionality…

Application security is quite a tricky domain. Just imagine for all those years when you thought something as a functionality of the application and suddenly it turns out to be a vulnerability which can be exploited to take down your system completely. CSV Macro Injection/Formula Injection is also one of those. We will look into it in detail that how a simple and such useful feature can become vulnerable and abuse the complete CIA triangle.

We can’t deny the usefulness of spreadsheets in our daily IT/Non-IT life. If you have bulk data and you want it to edit, sort, represent, compute(we really can do more stuffs than this as well) repetitively the excel and CSV is the correct file format for you. In computing, a comma-separated values (CSV) file stores tabular data (numbers and text) in plain text. Each line of the file is a data record.

Each record consists of one or more fields, separated by commas. The use of the comma as a field separator is the source of the name for this file format. The CSV file format is not standard. The basic idea of separating fields with a comma is clear, but that idea complicates when the field data may also contain commas or even line-breaks. CSV implementations may not handle such field data, or they may use quotation marks to surround the field. Quotation does not solve everything: some fields may need embedded quotation marks, so a CSV implementation may include escape characters or escape sequences.