Technology Insights

Static Source Code Audit On Terminal Using Bash Functions

For anyone that has done a long source code audit is not about really finding the easy/low hanging fruit stuff that can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit fortify and other tools with it) and were looking for a bit of more interesting stuff apparently. This raised some specific problems while working and finding the vulnerabilities and exploitability of them.

Technology Insights

Double Encoding – One Of The Biggest Enemies While Fixing Cross-Site Scripting (XSS)

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least one time, what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”

Information Security

SQLMap won’t enumerate databases

Well, I run with psymera a CTF game and we are constantly adding new VMWare machines and new tests just to keep on playing and not get bored. As part of a internal training where I work I started to create some videos on how to use SQLMap (I promise to upload here shortly in a big rant about it) so I started on what everyone does: update your version.

And something interesting happened, sqlmap enumeration broke (gorgeous) but it didn’t look much like it, it baffled me at first, so much that I had to do all by hand and asked psymera if he changed something, he said no.

So this is the info of the updated sqlmap version to that date:

bash

  1. root@fsckOSX:/pentest/database/sqlmap# svn info
  2. Path: .
  3. URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
  4. Repository Root: https://svn.sqlmap.org/sqlmap
  5. Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
  6. Revision: 4380
  7. Node Kind: directory
  8. Schedule: normal
  9. Last Changed Author: stamparm
  10. Last Changed Rev: 4380
  11. Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)

the SVN rev is 4380, latest at Sep 19th, here is the example of a run against the vulnerable web server with this revision.