c:\dir\test.dat
test.dat
..\..\test.dat
When a URL is received by a Web server, the server maps the request to a file system path that determines the response. The canonicalization routine that is used to map the request must correctly parse the URL to avoid serving or processing unexpected content. For more information about canonicalization, visit the following Microsoft Web site:
http://msdn.microsoft.com/library/.../THCMCh04.asp
Also related to this KB article is something that Scott Watermasysk highlighted: ASP.NET Security Issue and Guidance, about an ASP.NET Forms authentication vulnerability, which can be cured with the appropriate canonical checks.
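A canonical check of the kind described above, as an added example (not code from the KB article or from Microsoft): it maps a request path under a web root and refuses any request whose mapped path differs from its canonical form or falls outside the root. The class name, method name, web root and sample requests are hypothetical, and Windows path semantics are assumed.

```csharp
using System;
using System.IO;

// Added example; all names and sample values are hypothetical/constructed.
static class CanonicalPathCheck
{
    // Returns the physical path for requestPath under webRoot, or null when the
    // request is not already in canonical form or resolves outside webRoot.
    public static string MapRequest(string webRoot, string requestPath)
    {
        // A backslash is not a URL path separator; refuse instead of guessing.
        if (requestPath.IndexOf('\\') >= 0) return null;
        try
        {
            string root = Path.GetFullPath(webRoot).TrimEnd(Path.DirectorySeparatorChar)
                          + Path.DirectorySeparatorChar;
            string relative = requestPath.TrimStart('/').Replace('/', Path.DirectorySeparatorChar);
            string candidate = Path.Combine(root, relative);
            string full = Path.GetFullPath(candidate);

            // "." and ".." segments, doubled separators, or anything else that
            // GetFullPath rewrites means the request named the file indirectly.
            if (!string.Equals(full, candidate, StringComparison.Ordinal)) return null;

            // Path.Combine returns a rooted second argument unchanged, so the
            // containment test is still required after the equality test.
            if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return null;
            return full;
        }
        catch (Exception e) when (e is ArgumentException || e is NotSupportedException
                                  || e is PathTooLongException)
        {
            return null; // malformed path: treat as not found
        }
    }

    static void Main()
    {
        string root = @"c:\dir"; // constructed web root
        string[] requests = { "/test.dat", "/sub/../test.dat", "/../../test.dat", "/sub\\test.dat" };
        foreach (string req in requests)
        {
            string mapped = MapRequest(root, req);
            Console.WriteLine("{0,-18} -> {1}", req, mapped ?? "rejected (404)");
        }
    }
}
```

Rejecting non-canonical requests outright, rather than normalizing and serving them, keeps authorization rules and the file system in agreement about which resource was named.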
1 comment:
Further to this:
Microsoft ASP.NET ValidatePath Module
Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.