{"id":18,"date":"2006-04-19T14:03:53","date_gmt":"2006-04-19T13:03:53","guid":{"rendered":"http:\/\/ogenstad.net\/2006\/04\/19\/the-tale-of-the-nomadic-web-site-part-4-2\/"},"modified":"2006-04-19T14:04:56","modified_gmt":"2006-04-19T13:04:56","slug":"the-tale-of-the-nomadic-web-site-part-5","status":"publish","type":"post","link":"https:\/\/ogenstad.net\/2006\/04\/19\/the-tale-of-the-nomadic-web-site-part-5\/","title":{"rendered":"The Tale of the Nomadic Web Site – Part 5"},"content":{"rendered":"

n3m0 had managed to boil his noodles for fifteen minutes instead of the recommended three; it didn’t improve their taste. Unsatisfied by his meal n3m0 sat down at his computer again. After reading his feeds he got back to work.<\/p>\n

He came across an advisory for ShowRoom.Asp 3.4.x, marked with the magic words, System Access from Remote<\/em>. It had been discovered well over half a year ago; apparently the developers had been quick in releasing a patch and labeled it ShowRoom.Asp 3.5. Good for them<\/em>, n3m0 thought. After surfing the website where ShowRoom.Asp was hosted he found a downloadable zip file of the vulnerable version; he also downloaded the patched release so he could see what had changed.<\/p>\n

According to the Readme file, ShowRoom.Asp was a piece of software that made it easy for companies to show their products on their website. It was kind of like a CMS, but just for a small part of the website. The users could sort their products into different categories, describe their products, upload an image and assign a price to the products.<\/p>\n

Coding aside, the design just appalled n3m0. I bet it’s even worse when you view the page in a browser<\/em>, n3m0 shuddered. As he had guessed, the problem was SQL injection; the developers seemed aware that they should do input validation but had failed to check a request.querystring value.<\/p>\n

The impact was that you could log on to the site as admin without using a password; once there, you could add a new product, but instead of uploading an image you could upload an ASP page of your own choice. In the newer version, input validation had been fixed and the upload mechanism only allowed .gif, .jpg and .bmp.<\/p>\n

A decently configured Windows box should prevent this<\/em>, n3m0 thought as he was becoming more familiar with the code. On the other hand people who make an effort with the configuration usually don’t leave their systems vulnerable six months after the advisory is issued.<\/em><\/p>\n

n3m0 had enough to start looking for a victim. He tabbed to his Firefox window and did a Google search: “powered by ShowRoom.Asp 3.4”<\/p>\n

Results 1 – 10 of about 120 for “powered by ShowRoom.Asp 3.4”. (0.40 seconds)<\/p>\n

Two words popped into n3m0’s mind when he saw the search results: Road Kill.<\/em><\/p>\n

[tags]security, stories, fiction[\/tags]<\/p>\n","protected":false},"excerpt":{"rendered":"

n3m0 had managed to boil his noodles for fifteen minutes instead of the recommended three; it didn’t improve their taste. Unsatisfied by his meal n3m0 sat down at his computer again. After reading his feeds he got back to work. He came across an advisory for ShowRoom.Asp 3.4.x, marked with the magic words, System Access […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":""},"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts\/18"}],"collection":[{"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/comments?post=18"}],"version-history":[{"count":0,"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/posts\/18\/revisions"}],"wp:attachment":[{"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/media?parent=18"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/categories?post=18"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ogenstad.net\/wp-json\/wp\/v2\/tags?post=18"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}