AttackFlow Findings Dictionary


Code Injection

An attacker can inject unauthorized server-side code and run it on the target container, which leads to information disclosure or complete system compromise.

Severity: Critical

Fix Cost: Medium

Trust Level: High

Applications rarely have a genuine requirement to run user-supplied server-side code dynamically. Where that requirement exists, programming languages provide APIs that interpret a string as code at runtime, and handing user input to such an API is what turns the feature into a code injection finding.

Suppose the backend code resembles the following snippet:

using System.CodeDom.Compiler;
using System.Collections.Generic;
using Microsoft.CSharp;

// CSharpCodeProvider expects an IDictionary<string, string> of provider options
var cscpOptions = new Dictionary<string, string>() { { "CompilerVersion", "v4.5" } };
var cscp = new CSharpCodeProvider(cscpOptions);
var cpOptions = new[] { "mscorlib.dll", "System.Core.dll" };
// 'params' is a C# keyword and cannot be used as a variable name
var compilerParams = new CompilerParameters(cpOptions, "user.exe", true);
compilerParams.GenerateExecutable = true;
// User-controlled string taken straight from the request and compiled as C# (the vulnerability)
var codeStr = Request["code"];
CompilerResults results = cscp.CompileAssemblyFromSource(compilerParams, codeStr);

The above code compiles and executes C# source supplied by the user as a string on the backend. A malicious user can therefore submit code that runs operating system commands on the target system, reads secrets such as database credentials, copies the database itself, and so on.
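The fix is to never give the compiler user-controlled input. When a feature genuinely needs to evaluate something the user typed, evaluate it with a purpose-built interpreter for a small, fixed grammar instead, so anything that is not in that grammar is rejected before it is ever interpreted. The following is an added illustration written for this entry, not AttackFlow's code: a recursive-descent evaluator for arithmetic expressions that replaces the CSharpCodeProvider call above. The class and method names, the 256-character limit and the sample inputs are all constructed for the example.

```csharp
using System;
using System.Globalization;

// Added example: a constrained evaluator for the grammar
//   expression := term (('+' | '-') term)*
//   term       := factor (('*' | '/') factor)*
//   factor     := number | '(' expression ')' | '-' factor
// Nothing outside this grammar can be expressed, so there is no path from
// user input to the C# compiler or to arbitrary runtime APIs.
public static class SafeExpressionEvaluator
{
    private const int MaxLength = 256; // constructed limit to bound parsing work

    public static double Evaluate(string input)
    {
        if (input == null || input.Length > MaxLength)
            throw new FormatException("expression missing or too long");

        var parser = new Parser(input);
        double value = parser.ParseExpression();
        parser.ExpectEnd(); // trailing garbage is an error, not ignored
        return value;
    }

    private sealed class Parser
    {
        private readonly string _text;
        private int _pos;

        public Parser(string text) { _text = text; _pos = 0; }

        private void SkipSpaces()
        {
            while (_pos < _text.Length && _text[_pos] == ' ') _pos++;
        }

        private char Peek()
        {
            SkipSpaces();
            return _pos < _text.Length ? _text[_pos] : '\0';
        }

        public void ExpectEnd()
        {
            if (Peek() != '\0')
                throw new FormatException("unexpected character at position " + _pos);
        }

        public double ParseExpression()
        {
            double left = ParseTerm();
            while (true)
            {
                char c = Peek();
                if (c == '+') { _pos++; left += ParseTerm(); }
                else if (c == '-') { _pos++; left -= ParseTerm(); }
                else return left;
            }
        }

        private double ParseTerm()
        {
            double left = ParseFactor();
            while (true)
            {
                char c = Peek();
                if (c == '*') { _pos++; left *= ParseFactor(); }
                else if (c == '/')
                {
                    _pos++;
                    double divisor = ParseFactor();
                    if (divisor == 0) throw new DivideByZeroException();
                    left /= divisor;
                }
                else return left;
            }
        }

        private double ParseFactor()
        {
            char c = Peek();
            if (c == '(')
            {
                _pos++;
                double inner = ParseExpression();
                if (Peek() != ')') throw new FormatException("missing ')'");
                _pos++;
                return inner;
            }
            if (c == '-') { _pos++; return -ParseFactor(); }

            // Only digits and a decimal point are accepted as a number token
            int start = _pos;
            while (_pos < _text.Length && (char.IsDigit(_text[_pos]) || _text[_pos] == '.')) _pos++;
            if (start == _pos)
                throw new FormatException("expected a number at position " + start);
            return double.Parse(_text.Substring(start, _pos - start), CultureInfo.InvariantCulture);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs: the first is what the feature should accept (prints 13),
        // the second is C# source, which the compiler-based version would have run.
        Console.WriteLine(SafeExpressionEvaluator.Evaluate("2 * (3 + 4) - 1"));
        try
        {
            SafeExpressionEvaluator.Evaluate("Console.WriteLine(\"hello\")");
        }
        catch (FormatException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```

In the request handler, `Request["code"]` would be passed to `SafeExpressionEvaluator.Evaluate` and the `CSharpCodeProvider` path removed entirely. The important design point is that the allowed language is defined by the parser, not by a blocklist of dangerous strings: a request containing method calls, identifiers or anything else outside the grammar fails at the first unexpected character, which is also a useful signal to log and alert on.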
