Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Lorem Ipsum

Pages: [1]
1
Beginner's Corner / Usage of unhandled exception and full path disclosure
« on: January 03, 2016, 05:53:38 pm »
Hi guys,
While learning things about sql/xss injections, I've been investigating some test site for security issues.
I discovered that it throws an unhandled exception whenever invalid input is provided. Exception pages provide a lot of info:
Example 1:
Code: [Select]
?jobid=-1 gives "System.InvalidOperationException"
With the following stack trace:
Code: [Select]
if ($('#ShowOffset').length)
offset = $('#ShowOffset').val();
var actionUrl = "@Url.Action("SelectDoctor", "Doctor", new { DoctorId = Model.First().DoctorId, Offset = -9999 })".replace('amp;', '').replace('-9999', offset);
AjaxBegin('#calendarLoading');
$.get(actionUrl, function (data) {


System.Linq.Enumerable.First(IEnumerable`1 source) +514
   ASP._Page_Areas_Desktop_Views_Job_Doctors_cshtml.Execute() in c:\BelcMT\Program\wwwroot\ticket\Areas\Desktop\Views\Job\Doctors.cshtml:16
   System.Web.WebPages.WebPageBase.ExecutePageHierarchy() +280
   System.Web.Mvc.WebViewPage.ExecutePageHierarchy() +125
   System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) +196
   System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) +380
   System.Web.Mvc.<>c__DisplayClass1a.<InvokeActionResultWithFilters>b__17() +33
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation) +613
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +263
   System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +230
   System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Example 2:
Code: [Select]
?jobid=' gives the following error:
Code: [Select]
System.ArgumentException: The parameters dictionary contains a null entry for parameter 'jobId' of non-nullable type 'System.Int16' for method 'System.Web.Mvc.ActionResult SelectJob(Int16)' in 'TicketMVC.Areas.Desktop.Controllers.JobController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.

System.Web.Mvc.ActionDescriptor.ExtractParameterFromDictionary(ParameterInfo parameterInfo, IDictionary`2 parameters, MethodInfo methodInfo) +657
   System.Linq.WhereSelectArrayIterator`2.MoveNext() +82
   System.Linq.Buffer`1..ctor(IEnumerable`1 source) +520
   System.Linq.Enumerable.ToArray(IEnumerable`1 source) +103
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +165
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
   System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +120
   System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +452
   System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +15
   System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +31
   System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +230
   System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Microsoft .NET Framework, version:4.0.30319; ASP.NET, version:4.0.30319.34237

Okay, I see full path to source page in the first case. However, when I tried ~/ticket/Areas/Desktop/Views/Job/Doctors.cshtml, I got an exception saying that file type is not supported (blocked).

I'm stuck with this. Is it possible to use information from that stack traces anyhow? Could you please at least point me the direction to move on?

2
Java / Re: A question about source code editors
« on: December 31, 2015, 01:23:05 am »
I find Geany rather good, convenient, and easy to use and set up. My vote goes for it.

3
General discussion / Re: What Inspired You?
« on: December 31, 2015, 12:52:13 am »
I first learned about programming at the age of around 10 or so when parents bought me a computer. I dreamed of creating my own games then, but true inspiration came from the book "Hackers: Heroes of the Computer Revolution" by Steven Levy

Pages: [1]