Canonicalization Issues

The objective in finding canonicalization issues is to identify places where an attacker can supply data and where the application makes certain decisions based on those values. Use different encodings, delimiters, characters, and so forth in an attempt to cause the data to be interpreted incorrectly when the security decision is made. Refer to Chapters 6, 10, and 12.

Sample Test Cases

Test Case | Description
--- | ---
%41 | Hexadecimal encoding of a character (%41 = A).
%C1%81 | Overlong UTF-8 encoding of a character (%C1%81 = A).
%2541 | Double encoding of a character (%25 = %).
&gt; and &#65; | HTML encoding of a character (&gt; = >, &#65; = A).
&#x41; | HTML hex encoding of a character (&#x41; = A).
&#0065; | HTML encoding of a character using padding (&#0065; = A).
<input type=text value="" style="left:expressio?(document.bgColor='black')"> | The ? is the fullwidth Latin capital letter N (U+FF2E), which IE will best-fit map into scriptable code.
C:\folder\..\secret\.\password.txt | Directory traversal.
C:\folder/secret.txt | Using a forward slash (/) instead of a backslash (\).
\Root or /Root | Using a leading forward slash (/) or backslash (\) to access the root.
http://server/folder%u002Ffile.txt | Using UCS-2 encoding of a character (%u002F = /).
\\.\C:\windows\notepad.exe, \\?\C:\windows\notepad.exe, \\machine\C$\windows\notepad.exe, \\ip\C$\windows\notepad.exe, \\localhost\C$\windows\notepad.exe, \\127.0.0.1\C$\windows\notepad.exe | Different ways to represent a local file.
%windir%\notepad.exe | Using environment variables to represent a path.
C:\windows\notepad.exe. | A trailing period can still access a file.
C:\windows\notepad(space) | A trailing space can still represent a file.
C:\Progra~1\longfi~1.txt | Short version of the long filename C:\Program Files\longfilename.txt.
file.txt:$data, file.txt::$data, file.txt::$default | Using alternative NTFS file system streams.
http://3232235521 | Using the decimal form of an IP address to create a dotless address, which can trick some applications that attempt to detect zones, such as Internet versus intranet.
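The defensive counterpart to these test cases, as an added example that is not from the book: canonicalize the input first and make the security decision on the result. The Python below decodes percent, %uXXXX and HTML-entity forms until the value stops changing, rejects overlong UTF-8 instead of best-fit mapping it, unifies separators and resolves `.`/`..`, and only then checks the path against a hypothetical content root (`BASE_DIR` is an assumption); a naive check on the raw string is shown beside it for contrast.

```python
import html
import posixpath
import re
from urllib.parse import unquote

# Hypothetical content root for the path check (an assumption of this example).
BASE_DIR = "/srv/files"
_UCS2 = re.compile(r"%u([0-9a-fA-F]{4})")

def decode_fully(value: str, max_rounds: int = 4) -> str:
    """Apply %XX, %uXXXX and HTML-entity decoding until the value stops changing.

    Repeating the step exposes double encoding (%2541 -> %41 -> A). errors="strict"
    makes an overlong UTF-8 sequence such as %C1%81 raise UnicodeDecodeError
    instead of being best-fit mapped to a character the check never expected.
    """
    for _ in range(max_rounds):
        decoded = _UCS2.sub(lambda m: chr(int(m.group(1), 16)), value)
        decoded = html.unescape(unquote(decoded, errors="strict"))
        if decoded == value:
            return value
        value = decoded
    raise ValueError("value still changing after repeated decoding")

def naive_is_safe(user_path: str) -> bool:
    """The flawed pattern: the decision is made on the raw, undecoded input."""
    return ".." not in user_path and not user_path.startswith(("/", "\\"))

def canonical_is_safe(user_path: str, base: str = BASE_DIR) -> bool:
    """Decode, unify separators, resolve '.' and '..', then decide on the result."""
    try:
        decoded = decode_fully(user_path)
    except (ValueError, UnicodeDecodeError):
        return False  # undecodable or still-changing input is rejected outright
    decoded = decoded.replace("\\", "/").lstrip("/")
    full = posixpath.normpath(posixpath.join(base, decoded))
    # Windows drops trailing dots and spaces; refuse names that depend on that.
    if full.endswith((".", " ")):
        return False
    return full == base or full.startswith(base + "/")

if __name__ == "__main__":
    # Constructed probes taken from the test-case table above.
    for probe in ("%41", "%2541", "&#65;", "&#x41;", "&#0065;", "folder%u002Ffile.txt"):
        print(f"{probe:22} -> {decode_fully(probe)!r}")
    traversal = "%2E%2E%2F%2E%2E%2Fsecret.txt"  # looks harmless to the naive check
    print(traversal, "naive:", naive_is_safe(traversal), "canonical:", canonical_is_safe(traversal))
```

Fully decoding before the check is deliberately conservative: a legitimate name that happens to contain a literal `%41` is also decoded, which is the safer failure mode for an authorization decision.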


Hunting Security Bugs
ISBN: 073562187X
Year: 2004
Pages: 156