2006-12-14
Copyright 2006 Mitsui Bussan Secure Directions, Inc. All Rights Reserved.
- Erroneous Error Handling
- Information Leakage
- Session Hijacking/Replay
- OS Command Injection
- Session Fixation
- SQL Injection
- Brute Force Password check
- Buffer Overflow
- Forceful Browsing
- Parameter manipulation
- Back door and Debug mode
- phishing / pharming
- Erroneous Error Handling
- Information Leakage
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)

Topics covered in this deck:
- Buffer Overflow
- Cross-Site Scripting
- Parameter Manipulation
- Backdoor & Debug Options
- SQL Injection
- OS Command Injection
- Client Side Comment
- Error Codes
- Forceful Browsing
- Unnecessary Information
- HTTPS Misuse
- Cross-Site Request Forgeries
- Unnecessary File
- Server misconfiguration
- Insecure Cookies
- Session Hijack
- Session Replay
- Session Fixation
- Known Vulnerability
Buffer Overflow
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

Cross-Site Scripting
http://www.example.com/show.cgi?text=<script>alert()</script>

Parameter Manipulation
http://www.example.com/buy.cgi?id=30&num=3&price=123
Backdoor & Debug Options

SQL Injection
Query template: select id from user_table where id='${id}' and pw='${pw}'
Input: id = ' or 1=1 --   pw = abc
Resulting query: select id from user_table where id='' or 1=1 -- ' and pw='abc'
(everything after -- is a comment, so the where clause is always true)

Probe pairs for injection testing:
xxx' and 1=1--
xxx' and 1=0--
absinthe: http://www.0x90.org/releases/absinthe/
OS Command Injection

Client Side Comment

Error Codes / Unnecessary Information

Forceful Browsing

Unnecessary Information

HTTPS Misuse
Cross-Site Request Forgeries
http://www.example.com/buy.cgi?productid=ax123&num=10&action=finish
(the same parameters carried in hidden form fields)

Cookie (sent automatically by the browser with the forged request):
<a href=http://www.example.com/taikai.php?action=finish> </a>
Unnecessary File
/var/www/htdocs/
  Image/
  css/
  script/
  data/
  toiawase.dat
  exec.cgi
Server misconfiguration

Insecure Cookies
https://www.example.com/
  Set-Cookie: ssid=1392383
http://www.example.com:443/
  Cookie: ssid=1392383
With the secure attribute:
  Set-Cookie: ssid=hkhd3ksa31gak9f; secure
Session Hijack

Session Replay
http://server/aa.cgi?ssid=xxxxxx

Session Fixation
http://www.example.com/index.php?phpsessid=abcdefg
http://www.example.com/index.jsp;jsessionid=jk3lsw8fjhgyt10

<a href="http://www.example.com/index.php?PHPSESSID=abcdefg"> </a>
http://www.example.com/index.php?phpsessid=abcdefg
Set-Cookie: PHPSESSID=abcdefg
Cookie: PHPSESSID=abcdefg
Cookie: PHPSESSID=abcdefg
Authentication
Financial Services Agency (FSA), April 2005: http://www.fsa.go.jp/singi/singi_fccsg/gaiyou/f-20050415-singi_fccsg/02.pdf
id=naka, pw=ieog39sj
hash(ieog39sj) = Pc0gGUJNM4fr4MHn+9JhQQ
Stored with the ID: naka, Pc0gGUJNM4fr4MHn+9JhQQ
Keep-Alive

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwaveflash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: ja
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 1.1.4322)
Host: www.example.com
Connection: Keep-Alive

HTTP/1.0 200 OK
Date: Wed, 29 Nov 2006 08:21:21 GMT
Server: Apache
Content-Length: 17463
Connection: close
Content-Type: text/html; charset=shift_jis

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN
GET /auth/index.html HTTP/1.1
Accept: */*
Accept-Language: ja
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 1.1.4322)
Host: www.example.com
Connection: Keep-Alive
Authorization: Basic Z3Vlc3Q6Zm9vYmFy
$ perl -MMIME::Base64 -e 'print MIME::Base64::decode_base64("Z3Vlc3Q6Zm9vYmFy");'
guest:foobar

GET /auth2/index.html HTTP/1.1
Accept: */*
Accept-Language: ja
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1; .NET CLR 1.1.4322)
Host: www.example.com
Connection: Keep-Alive
Pragma: no-cache
Authorization: Digest username="guest", realm="sec", qop="auth", algorithm="md5", uri="/auth2/index.html", nonce="yfgkvbijbaa=2a8b5d8f5e1d4f4f342a457d8b604640f51347d5", nc=00000001, cnonce="bfae40a7d3fdeb264eb078563de43943", response="44985ca43eb4c7001c9948efcfa23a1f"
<input type="hidden" name="sec_key" value="ALG2K9Q0E">
$str =~ /\d+/;     (matches any string that contains a digit somewhere)
$str =~ /^\d+$/;   (anchored: the whole string must consist of digits)
"><script>alert()</script>