HackDig : Dig high-quality web security articles for hackers

Vuln Hunt: Find the Security Vulnerability Challenge #2

2014-10-09 18:25

Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question:


The programmer here has written an input-validation regex to test whether a given string matches the format of a URL. While we should give him credit for designing his application to validate input, the particular regex pattern he is using is vulnerable to a denial-of-service attack.

The subexpression (.[a-zA-Z0-9-._]+){2,} in the pattern contains a group with a repetition inside it, (.[a-zA-Z0-9-._]+), that is itself repeated via {2,}. As printed, the leading . matches any character, and the character class also contains ., so there is no unambiguous boundary between one repeat of the group and the next (the class would keep the pattern ambiguous even with the dot escaped). A run of ordinary letters can therefore be split into repeats in an exponential number of ways, and a backtracking regex engine will try every one of them before it can report that the string does not match. The worst-case running time of such a construction is exponential, O(2^n) in the length of the input, so an attacker can craft a relatively short input value that hangs the application in a storm of backtracking.

Give yourself a point if you found the regular expression denial-of-service (ReDoS) vulnerability in the code.

Give yourself a point if you used the SDL Regex Fuzzer (http://www.microsoft.com/en-us/download/details.aspx?id=20095) to find the vulnerability. These types of vulnerabilities are extremely difficult to find through manual code inspection, so why not take advantage of free tools that are available to help you?

Finally, give yourself a bonus point if you realized that in .NET 4.5 you can limit the amount of time that Regex spends trying to find a match by passing a matchTimeout value to the Regex constructor (the static Regex methods accept the same parameter). When the timeout expires the match throws a RegexMatchTimeoutException, which the application must catch and treat as a failed validation rather than letting it propagate. This is an excellent defense-in-depth measure against ReDoS attacks; the primary fix is still to rewrite the pattern so that it is unambiguous.
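The two points above, the ambiguous repeated group and the match timeout, as an added worked example; this is not code from the original post or from Microsoft. It uses Python's re module, which is a backtracking engine like .NET's and so blows up on the same pattern. Python has no matchTimeout, so the deadline is enforced by running the match in a worker process and killing it, which is only a stand-in for .NET's Regex(pattern, options, matchTimeout) throwing RegexMatchTimeoutException. The HARDENED pattern, the attack_input payload and the parse_count helper are this example's own, and HARDENED assumes the intended format was a host name with at least three dot-separated labels.

```python
"""ReDoS worked example for the challenge's URL-validation pattern.

Added example, not code from the original post or from Microsoft.  Python's
``re`` module is a backtracking engine like .NET's, so the pattern quoted in
the write-up misbehaves the same way here.  Python has no matchTimeout, so the
deadline below is enforced by running the match in a worker process and killing
it, a stand-in for .NET's Regex(pattern, options, matchTimeout).  The HARDENED
pattern is this example's own rewrite and assumes the intent was
"label(.label){2,}", i.e. a host name with at least three dot-separated labels.
"""
import multiprocessing
import re

# The subexpression quoted in the write-up, anchored so the whole string must
# match.  The leading `.` matches any character and the class also contains
# `.`, so a run of plain letters can be carved into repeats of the group in
# many different ways; a backtracking engine tries every one of them before it
# can conclude that the string does not match.
VULNERABLE = r"^(.[a-zA-Z0-9-._]+){2,}$"

# Hardened rewrite (assumption about intent, see module docstring): every
# repeat must begin with a literal dot that the label class cannot consume, so
# each input has exactly one possible parse and a mismatch is found in linear
# time.
HARDENED = r"^[a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+){2,}$"


def attack_input(n: int) -> str:
    """Constructed payload: n letters the group can split many ways, followed by
    a character that guarantees the overall match fails, so every split is
    explored before the engine gives up."""
    return "a" * n + "!"


def parse_count(n: int) -> int:
    """Number of ways a run of n letters can be tiled by repeats of the group,
    each repeat being one `.` plus at least one class character (so at least 2
    characters): the compositions of n into parts >= 2.  This is the Fibonacci
    recurrence, i.e. growth of about 1.618**n; the engine visits essentially all
    of these splits before failing, which is the exponential blow-up the
    write-up describes."""
    ways = [1, 0] + [0] * max(0, n - 1)   # ways[0] = 1 (empty run), ways[1] = 0
    for k in range(2, n + 1):
        ways[k] = ways[k - 1] + ways[k - 2]
    return ways[n]


def _worker(pattern: str, text: str, conn) -> None:
    """Child-process body: report whether the pattern matches the whole text."""
    conn.send(re.fullmatch(pattern, text) is not None)
    conn.close()


def match_with_deadline(pattern: str, text: str, seconds: float):
    """Match in a child process with a hard deadline.

    Returns True/False if the engine finished in time, or None if the deadline
    passed and the child was killed.  Treat None exactly like a validation
    failure, which is also how a caught RegexMatchTimeoutException should be
    handled in .NET.
    """
    parent_end, child_end = multiprocessing.Pipe(duplex=False)
    proc = multiprocessing.Process(target=_worker, args=(pattern, text, child_end))
    proc.start()
    child_end.close()          # only the child writes; the parent keeps the read end
    try:
        if parent_end.poll(seconds):
            try:
                return parent_end.recv()
            except EOFError:   # child died without answering
                return None
        proc.terminate()       # still backtracking: kill it, like a match timeout
        return None
    finally:
        proc.join()
        parent_end.close()


if __name__ == "__main__":
    for pat_name, pat in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        for text in ("www.example.com", attack_input(8), attack_input(60)):
            result = match_with_deadline(pat, text, seconds=1.0)
            label = "TIMEOUT" if result is None else result
            print(f"{pat_name:10} {text[:20]!r:24} -> {label}")
    print("ways to split 60 letters:", parse_count(60))
```

Run as a script, the hardened pattern answers every input immediately, while the vulnerable pattern still accepts a normal host name and rejects the 8-letter payload quickly but is killed at the one-second deadline on the 60-letter payload; parse_count(60) shows why, at roughly 10^12 candidate splits. The deadline is the defense-in-depth layer the post describes; removing the ambiguity (escape the dot, keep it out of the label class) is the actual fix.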

Next week, we'll look at a sneaky SQL injection vulnerability.

Source: blogs.microsoft.com/cybertrust/2014/10/09/vuln-hunt-find-the-security-vulnerability-challenge/
