Canonicalization Attacks
This is an ASP.NET 1.1 example.
These are attacks in which an attacker refers to a file by one of its alternative names rather than its canonical one. For example, all of the following can name the same file:
- MyLongFileName.txt
- MyLongFileName.txt.
- MyLong~1.txt
- MyLongFileName.txt::$DATA
So the file can be reached by many different names. In an earlier version of IIS this attack was used against ASP pages: an attacker would request http://www.stewshack.com/default.asp::$DATA and IIS would return the source code of the page instead of processing it on the server.
URLs are also susceptible to this attack. Each of the following can refer to the same resource:
- http://www.stewshack.com/aspnet/images
- http://www%2estewshack%2ecom%2faspnet%2fimages
- http://www.stewshack.com%c0%afaspnet%c0%afimages
- http://www%25%32%65stewshack%25%32%65com/aspnet/images
- http://172.43.122.12 = http://2888530444 (the same IPv4 address written as a single 32-bit number)
So if you have code that makes a decision by inspecting the URL or file name as a string, it can be bypassed by this kind of attack. Mitigations:
- Use file system security to restrict access to private data.
- Never make a security decision based on a name alone.
- Disable the Parent Paths setting in IIS.
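As an added example (not from the webcast or from this page), a Python checker that contrasts a decision made on the raw name with one made on a canonical form of the path and host; the protected prefix, the hosts and the paths below are constructed values, and the page's own aliases (trailing dot, 8.3 short name, `::$DATA`, `%c0%af`, double encoding, dword IP) are the cases it handles:

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote_to_bytes

PRIVATE = "/aspnet/private"  # constructed: the directory we want to protect

def naive_denied(raw_path: str) -> bool:
    """The pattern the page warns about: a decision based on the raw name."""
    return raw_path.lower().startswith(PRIVATE)

def canonicalize_path(raw_path: str):
    """Return one canonical spelling of a URL path, or None if ambiguous."""
    decoded = unquote_to_bytes(raw_path)
    # Decoding again and getting a different value means double encoding
    # (%25%32%65 -> %2e -> "."); refuse rather than guess the intent.
    # (A literal "%25" in a legitimate name is rejected too; that is deliberate.)
    if unquote_to_bytes(decoded) != decoded:
        return None
    try:
        text = decoded.decode("utf-8")  # strict: overlong %c0%af is rejected
    except UnicodeDecodeError:
        return None
    if "\\" in text or "::$" in text:  # backslash separators, NTFS streams
        return None
    # Resolve "." and ".." segments; lstrip avoids a preserved leading "//".
    canon = posixpath.normpath("/" + text.lstrip("/"))
    for seg in canon.split("/"):
        # NTFS strips trailing dots, and "~1" style 8.3 short names alias a
        # longer name: both give one file more than one spelling.
        if seg.endswith(".") or re.search(r"~\d+(\.|$)", seg):
            return None
    return canon.lower()

def canonical_denied(raw_path: str) -> bool:
    """Decide on the canonical name only; ambiguous names are denied."""
    canon = canonicalize_path(raw_path)
    if canon is None:
        return True
    return canon == PRIVATE or canon.startswith(PRIVATE + "/")

def canonicalize_host(host: str) -> str:
    """Map a dword host (2888530444) and its dotted form to one spelling."""
    if host.isdigit():
        return str(ipaddress.IPv4Address(int(host)))
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host.lower()
```

The raw-name check misses `/aspnet%2fprivate/...`, while the canonical check denies it and also refuses every name it cannot disambiguate.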
Thank you MSDN Webcast.
