Pages: [1]

Author Topic: Usage of unhandled exception and full path disclosure  (Read 809 times)

0 Members and 1 Guest are viewing this topic.

Offline Lorem Ipsum

  • NULL
  • Posts: 3
  • Cookies: 0
    • View Profile
Usage of unhandled exception and full path disclosure
« on: January 03, 2016, 05:53:38 pm »
Hi guys,
While learning things about sql/xss injections, I've been investigating some test site for security issues.
I discovered that it throws an unhandled exception whenever invalid input is provided. Exception pages provide a lot of info:
Example 1:
Code: [Select]
?jobid=-1 gives "System.InvalidOperationException"
With the following stack trace:
Code: [Select]
if ($('#ShowOffset').length)
offset = $('#ShowOffset').val();
var actionUrl = "@Url.Action("SelectDoctor", "Doctor", new { DoctorId = Model.First().DoctorId, Offset = -9999 })".replace('amp;', '').replace('-9999', offset);
AjaxBegin('#calendarLoading');
$.get(actionUrl, function (data) {


System.Linq.Enumerable.First(IEnumerable`1 source) +514
   ASP._Page_Areas_Desktop_Views_Job_Doctors_cshtml.Execute() in c:\BelcMT\Program\wwwroot\ticket\Areas\Desktop\Views\Job\Doctors.cshtml:16
   System.Web.WebPages.WebPageBase.ExecutePageHierarchy() +280
   System.Web.Mvc.WebViewPage.ExecutePageHierarchy() +125
   System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) +196
   System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) +380
   System.Web.Mvc.<>c__DisplayClass1a.<InvokeActionResultWithFilters>b__17() +33
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation) +613
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +263
   System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +230
   System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Example 2:
Code: [Select]
?jobid=' gives the following error:
Code: [Select]
System.ArgumentException: The parameters dictionary contains a null entry for parameter 'jobId' of non-nullable type 'System.Int16' for method 'System.Web.Mvc.ActionResult SelectJob(Int16)' in 'TicketMVC.Areas.Desktop.Controllers.JobController'. An optional parameter must be a reference type, a nullable type, or be declared as an optional parameter.

System.Web.Mvc.ActionDescriptor.ExtractParameterFromDictionary(ParameterInfo parameterInfo, IDictionary`2 parameters, MethodInfo methodInfo) +657
   System.Linq.WhereSelectArrayIterator`2.MoveNext() +82
   System.Linq.Buffer`1..ctor(IEnumerable`1 source) +520
   System.Linq.Enumerable.ToArray(IEnumerable`1 source) +103
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +165
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39
   System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +120
   System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +452
   System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +15
   System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +31
   System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +230
   System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +53
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +606
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +288

Microsoft .NET Framework, version:4.0.30319; ASP.NET, version:4.0.30319.34237

Okay, I see full path to source page in the first case. However, when I tried ~/ticket/Areas/Desktop/Views/Job/Doctors.cshtml, I got an exception saying that file type is not supported (blocked).

I'm stuck with this. Is it possible to use information from that stack traces anyhow? Could you please at least point me the direction to move on?
Report to moderator   Logged
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Pages: [1]