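People from Korea occasionally post to exploit-db,

and this time a group called KAIST CSRC has uploaded a security analysis report.

The topic is the attack using XML Core Services (CVE-2012-1889), a hot issue(?) from a month or two ago,

and it is thorough and well organized.

Link: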

http://www.exploit-db.com/wp-content/themes/exploit/docs/20084.pdf

 

Posted by bitfox

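While my mind was elsewhere(?) for a moment, an interesting vulnerability was discovered ;;

Microsoft IIS Tilde Character Short File/Folder Name Disclosure

IIS servers have a vulnerability in which *~* can be used to infer folder names or file names.

For details, see the document below.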

http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf

 


Posted by bitfox
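
For the IIS tilde short-name disclosure post above, a log check a defender could run over IIS W3C logs (an added example, not from the referenced paper or the original post). It assumes guessing attempts show up as URI stems that combine a wildcard with a `~` followed by a digit (the 8.3 short-name form) in one path segment; the sample log, the IP addresses and the threshold of 3 are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2012-07-02 10:00:01 GET /default.aspx 192.0.2.10 200
2012-07-02 10:00:02 GET /*~1* 198.51.100.7 404
2012-07-02 10:00:02 GET /a*~1* 198.51.100.7 400
2012-07-02 10:00:03 GET /b*~1* 198.51.100.7 404
2012-07-02 10:00:03 GET /ba*~1* 198.51.100.7 400
2012-07-02 10:00:09 GET /~alice/index.html 192.0.2.11 200
2012-07-02 10:00:12 GET /files/REPORT~1.PDF 192.0.2.12 200
"""

# Assumption: a wildcard (* or ?) and "~<digit>" inside the same path segment.
PROBE = re.compile(r"[*?][^/]*~\d|~\d[^/]*[*?]")

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_tilde_probes(text, threshold=3):
    """Return {client_ip: [uri, ...]} for clients with >= threshold matching requests."""
    hits = defaultdict(list)
    for row in parse_w3c(text):
        # Decode percent-encoding so %2A and * are treated the same.
        stem = unquote(row.get("cs-uri-stem", ""))
        if PROBE.search(stem):
            hits[row.get("c-ip", "-")].append(stem)
    return {ip: uris for ip, uris in hits.items() if len(uris) >= threshold}

if __name__ == "__main__":
    for ip, uris in find_tilde_probes(SAMPLE_LOG).items():
        print(ip, len(uris), "short-name guessing requests, e.g.", uris[0])
```

A plain `~user` path or a direct request for an existing short name such as `REPORT~1.PDF` is not flagged, because neither contains a wildcard.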

Reference: http://codesamplez.com/programming/http-request-c-sharp

 

 

 

===============

using System;
using System.IO;
using System.Net;
using System.Text;

public class MyWebRequest
{
    private WebRequest request;
    private Stream dataStream;

    private string status;

    // Status description of the most recent response (for example "OK").
    public String Status
    {
        get
        {
            return status;
        }
        set
        {
            status = value;
        }
    }

    public MyWebRequest(string url)
    {
        // Create a request for the given URL.
        request = WebRequest.Create(url);
    }

    public MyWebRequest(string url, string method)
        : this(url)
    {
        if (method.Equals("GET") || method.Equals("POST"))
        {
            // Set the Method property of the request to the given method.
            request.Method = method;
        }
        else
        {
            throw new Exception("Invalid Method Type");
        }
    }

    // Intended for POST: HttpWebRequest does not allow a request body with GET.
    public MyWebRequest(string url, string method, string data)
        : this(url, method)
    {
        // Convert the form data to a byte array.
        string postData = data;
        byte[] byteArray = Encoding.UTF8.GetBytes(postData);

        // Set the ContentType property of the WebRequest.
        request.ContentType = "application/x-www-form-urlencoded";

        // Set the ContentLength property of the WebRequest.
        request.ContentLength = byteArray.Length;

        // Get the request stream, write the data, and close the stream
        // even if the write fails.
        using (dataStream = request.GetRequestStream())
        {
            dataStream.Write(byteArray, 0, byteArray.Length);
        }
    }

    public string GetResponse()
    {
        // Get the response; the using blocks release it and its streams
        // even if reading fails.
        using (WebResponse response = request.GetResponse())
        {
            this.Status = ((HttpWebResponse)response).StatusDescription;

            // Get the stream containing the content returned by the server.
            dataStream = response.GetResponseStream();

            // Open the stream using a StreamReader for easy access.
            using (StreamReader reader = new StreamReader(dataStream))
            {
                // Read the content fully up to the end.
                return reader.ReadToEnd();
            }
        }
    }
}

===============

 

 

Usage

 

==============

// Create a POST request with some form data.
MyWebRequest myRequest = new MyWebRequest("http://www.yourdomain.com", "POST", "a=value1&b=value2");
// Show the response string on the console.
Console.WriteLine(myRequest.GetResponse());

==============

Posted by bitfox