[Owasp-argentina] ASHX, ASMX or What?

Ulises Retamal ulisesgr at gmail.com
Sat Jun 25 11:16:18 EDT 2011


Hi Nahuel,

I think you can try creating and compiling a web service with VS.Net
for example, and uploading just the ASMX file to a known URL in the
context of the vulnerable web application. Never tried it before, but in
my opinion it should work.

After you have uploaded the ASMX file you can invoke its methods using
this format:
http://servername/projectname/xmlwebservicename.asmx/methodname?parametername0=value0&parametername1=value1&...&parameternamen=valuen

By the way, you can find some reference on creating ASP.Net web services
here:
http://oreilly.com/catalog/prognetws/chapter/ch02.html

Let me know if it works :)

Regards,

Ulises


> List,
>
> Imagine that you're in front of an """"insecure"""" file upload in the
> context of an IIS6,7 (no ;.jpg :P) and the regex filtering the file is like:
>
> [anything].asp[anything] (yeah, my.aspirator.jpg is filtered hehe)
>
> No .aspx, no .asp and no .aspx;jpg even if the server is vulnerable...
>
> So... is there any way to bypass this control? Like uploading a
> malicious Webservice (can we simply upload a Webservice file? I think
> they need to be precompiled first) or something like that?
>
> Thanks a lot!
>
> regards,
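
The gap discussed in this thread, seen from the defending side, as an added example that is not part of the original messages: the ".asp"-substring blocklist described in the question is compared with an extension allowlist plus a server-chosen stored name. The allowed image extensions, the function names and the sample file names are assumptions made for illustration.

```python
import os
import re
import uuid

# The filter as described in the thread: reject any name containing ".asp".
BLOCKLIST = re.compile(r".*\.asp.*", re.IGNORECASE | re.DOTALL)

# Assumption: this upload feature only needs to accept images.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}

# Letters, digits, "_" and "-" separated by single dots; anything else
# (";", spaces, trailing dots, control characters) is refused outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")


def blocklist_accepts(filename: str) -> bool:
    """Blocklist logic from the thread: accept unless '.asp' appears."""
    return BLOCKLIST.fullmatch(filename) is None


def allowlist_accepts(filename: str) -> bool:
    """Accept only a plain file name whose final extension is allowed."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path
    if SAFE_NAME.fullmatch(name) is None:
        return False
    return os.path.splitext(name)[1].lower() in ALLOWED_EXTENSIONS


def stored_name(filename: str) -> str:
    """Server-chosen name: random stem plus the validated extension."""
    if not allowlist_accepts(filename):
        raise ValueError("upload rejected: %r" % filename)
    return uuid.uuid4().hex + os.path.splitext(filename)[1].lower()


def compare(names):
    """Return (name, blocklist verdict, allowlist verdict) per name."""
    return [(n, blocklist_accepts(n), allowlist_accepts(n)) for n in names]


if __name__ == "__main__":
    # Constructed sample names using only extensions mentioned in the thread.
    samples = ["photo.JPG", "my.aspirator.jpg", "page.aspx",
               "page.aspx;jpg", "service.asmx", "handler.ashx"]
    for name, old, new in compare(samples):
        print(f"{name:18} blocklist={old!s:5} allowlist={new!s:5}")
```

The blocklist lets the .asmx and .ashx names through while refusing the harmless my.aspirator.jpg; the allowlist does the opposite. Storing accepted files under the generated name in a directory where the server does not execute content removes the dependence on the client-supplied name altogether.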


