WebApp Sec mailing list archives
RE: AppSec Sample Reports
From: "Sutton, Paul A." <SuttonP () aafes com>
Date: Tue, 23 May 2006 06:19:17 -0500
I have not been able to locate a good "form report" for an assessment. Currently I am working on one now I will post here when I am finished and let me say it is nice so far. It should be relatively simple to alter to most assessments which are one of my goals. If anyone has input in wording the executive summary or the offer suggestions on the best wrap-up let me know. Paul Sutton Network Data Security Analyst Army Air Force Exchange Service 3911 S. Walton Walker Blvd. Dallas, TX 75266-0202 -----Original Message----- From: bill.louis () gmail com [mailto:bill.louis () gmail com] On Behalf Of Alice Bryson Sent: Tuesday, May 23, 2006 2:31 AM To: pete () techsmartgroup com Cc: webappsec () lists securityfocus com Subject: Re: AppSec Sample Reports You may see following as a sample: WebCalendar CRLF Injection Vulnerability I. BACKGROUND WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. II. DESCRIPTION CRLF injection vulnerability in WebCalendar layers_toggle.php allows remote attackers to inject false HTTP headers into an HTTP request, via a URL containing encoded carriage return, line feed, and other whitespace characters. III. PUBLISH DATE Publish Date: 2005-12-1 Update Date: 2005-12-2 IV. AUTHOR lwang (lwang at lwang dot org) V. AFFECTED SOFTWARE WebCalendar version 1.0.1 and 1.1.0 are affected. Older versions are not verified. VI. ANALYSIS in layers_toggle.php, parameter $ret does not validation. if ( empty ( $error ) ) { // Go back to where we where if we can figure it out. if ( strlen ( $ret ) ) do_redirect ( $ret ); else if ( ! empty ( $HTTP_REFERER ) ) do_redirect ( $HTTP_REFERER ); else send_to_preferred_view (); Proof of Concept: http://victim/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_ to] VII. SOLUTION Input validation will fix the bug. VIII. ADVISORY http://vd.lwang.org/webcalendar_crlf_injection.txt IX. REFERENCE http://www.k5n.us/webcalendar.php 2006/5/23, Pete Soderling <pete () techsmartgroup com>:
Hey all, I'm interested if anyone has any sample appsec vulnerability reports
to
share. I'm interested in learning/evaluating the best ways to report
on
vulnerabilities to a client, and it would be helpful to see different
ways
others have done it. Obviously, I'm not interested in - and don't want
these
to contain any client-specific or sensitive info - but if anyone has
any
appropriate documentation to share it would be helpful. Also appreciated would be links to any other online projects dealing
with
this - although I haven't found much yet. I know OWASP has a PenTest Reporter tool in the works that would fall into this category,
although it
doesn't look like it's been officially released yet. Thanks for any help or suggestions. cheers, --pete
------------------------------------------------------------------------ -
Sponsored by: Watchfire Watchfire named worldwide market share leader in web application
security
assessment by leading market research firm. Watchfire's AppScan is the industry's first and leading web application security testing suite,
and
the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
------------------------------------------------------------------------ --
-- Homepage: http://www.lwang.org mailto:abryson () bytefocus com ------------------------------------------------------------------------ - Sponsored by: Watchfire Watchfire named worldwide market share leader in web application security assessment by leading market research firm. Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan 6.0 today! https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- Sponsored by: Watchfire It's been reported that 75% of websites are vulnerable to attack. That's because hackers know to exploit weaknesses in web applications. Traditional approaches to securing these assets no longer apply. Download the "Addressing Challenges in Application Security" whitepaper today, and see for yourself. https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9m --------------------------------------------------------------------------
Current thread:
- AppSec Sample Reports Pete Soderling (May 22)
- Re: AppSec Sample Reports Alice Bryson (May 23)
- <Possible follow-ups>
- RE: AppSec Sample Reports Sutton, Paul A. (May 23)