Posts

Showing posts from August, 2010

Privilege Escalation with Like Query

Continuing from my last post, "DoS with Like Query", I want to discuss another impact of it here. As I said there, the % and _ qualifiers are often overlooked by developers when filtering input, since they are not as devastating as other characters. They match zero or more characters and a single character respectively. I got a taste of it again when I was assessing an application recently.

The application had several roles. Role A can't access the data of Role B (that's obvious :) ). The authorization checks were properly implemented, so there was no chance of privilege escalation.

When I examined the application closely, I found it had various search modules based on several conditions. You search for a record after filling up a long form with fields such as name, location, unit, suggestion no., suggestion name, blah, blah, blah. One thing I noticed was that the application was using the 'Supplier Name' field to search the records and listing only those records which had matchin…

Basic Reverse Engineering

My article giving a basic introduction to reverse engineering of Flash and .NET files. The issue of Hakin9 magazine in which the article was published can be downloaded here.

The article runs from page 16 to page 19.