As part of my thesis, I had the opportunity to conduct a full penetration test of a commercial web application written in ASP.NET. The result of my research is a report, which I decided to share in a "shaded" form with a wider audience. Materials of this type in our native language are a scarce commodity. In fact, the only publicly available one I know of comes from the sekurak team – SEKURAK
I myself also strongly prefer to write reports in English, because of the professional terminology and the problems associated with translating it.
The application was tested using two roles with different permissions – the classic administrator and the regular user. Vulnerabilities have been detected in the application, including:
• Taking control of the server;
• Taking control of any user account;
• Reading sensitive user data;
• Using the application to carry out phishing attacks.
In addition to the classic shell gained by exploiting the lack of validation of files uploaded to the server, I have a special "sympathy" for the error in the mechanism for resetting users' passwords. The application generated a security token that was not validated on the server side at a later stage of the process. This made it possible to reset any user's password and thus hijack their account.
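The password-reset flaw described above, sketched as an added example (not code from the tested application or from the report): the final reset step without and with server-side token validation. All class and method names, the in-memory stores and the 15-minute token lifetime are assumptions made for illustration; the code targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Added illustration; every name here is hypothetical, not taken from the tested application.
public sealed class PasswordResetService
{
    private sealed record Pending(byte[] TokenHash, DateTime ExpiresUtc);
    private readonly Dictionary<string, Pending> _pending = new();   // keyed by user name
    // Stand-in for the credential store (a real one keeps salted password hashes).
    public readonly Dictionary<string, string> Passwords = new();

    // Step 1: issue a random token bound to one user; only its hash is kept server-side.
    public string Issue(string user)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _pending[user] = new Pending(Hash(token), DateTime.UtcNow.AddMinutes(15));
        return token; // would be sent to the account's registered e-mail address
    }

    // Flawed final step: a token was generated earlier, but nothing compares it here.
    public bool ResetVulnerable(string user, string token, string newPassword)
    {
        Passwords[user] = newPassword;
        return true;
    }

    // Hardened final step: token must match the one issued for THIS user, be unexpired, and is single-use.
    public bool ResetHardened(string user, string token, string newPassword)
    {
        if (!_pending.TryGetValue(user, out var p) || DateTime.UtcNow > p.ExpiresUtc) return false;
        if (!CryptographicOperations.FixedTimeEquals(p.TokenHash, Hash(token ?? ""))) return false;
        _pending.Remove(user);            // consume the token so it cannot be replayed
        Passwords[user] = newPassword;
        return true;
    }
    private static byte[] Hash(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));
}
public static class Demo
{
    public static void Main()
    {
        var svc = new PasswordResetService();
        string aliceToken = svc.Issue("alice");   // constructed sample accounts
        svc.Issue("bob");
        Console.WriteLine(svc.ResetVulnerable("bob", "arbitrary", "x"));     // no valid token supplied
        Console.WriteLine(svc.ResetHardened("bob", aliceToken, "x"));        // token issued for another user
        Console.WriteLine(svc.ResetHardened("alice", aliceToken, "new"));    // matching, unexpired token
        Console.WriteLine(svc.ResetHardened("alice", aliceToken, "again"));  // same token presented twice
    }
}
```

The hardened path binds the token to the account it was issued for, so a valid token for one user cannot be used to reset another user's password.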
The full report is available for download at the REPORT link below.