Case Study - Search Security TechTarget: Are Security Portals Secure Enough ?
AKS aka 0kn0ck , CERA
Stats:
Severe SQL Injection vulnerability in Live SearchSecurity Network.
Vulnerability Disclosure: 28 March 2008
Vulnerability Patched: 1 April 2008
Proper and Confidential Follow ups.
Note : For Education Purposes Only !.
View:
This issue comes to play when I was checking an article stuff on SearchSecurity Techtarget. The article is linked through CGISecurity. The article was "The essentials of Web application threat modeling".A little sarcasm occurs after a bit of testing.
Security is everywhere. The security industry is growing rapidly or the business is growing. Are the quality of applied web security is enough to prevent number of attacks. One can find number of security websites providing content such as security papers , tools etc. The basic realm is to provide the security resources. The resources are hosted on number of security driven websites.As the security is a base element to provide to the community. Its a common factor that these websites should be secure enough to hold the content of security. But I think the meaning of security is changed a bit with the ever increasing industry. Websites hosting number of whitepapers on sql injection and othe web attacks are itself prone to SQL Injections. No doubt business is a prominent element but the security should be implemented with quality control. But this is not there. Are these security portals are secure enough.
Its a kind of sarcastic layout of security as per the definition is concerned.Let's backup this issue with the case study of
SearchSecurity Techtarget
About SearchSecurity:IT security pros turn to us for the information they require to keep their corporate data and assets secure. We're the only information resource that provides immediate access to breaking industry news, virus alerts, webcasts, white papers, security schools, a selection of highly focused security e-newsletters and more - all at no cost. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.
This website holds ample amount of information of all kinds including web security. But this website is vulnerable to SQL injections and other problems.It persists in almost every link where an input can be injected. The injection triggers well. This factor really disseminates the working approach of security as per the defined standards. Can we call it as a coding issue or improper development or trodden security. what ever it is. But this lay a false impression of security being inplemented. Lets have a look at this issue:
The underlined links are vulnerable:
1. http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=1306902.
Example:
1. http://searchsecurity.techtarget.com.au/assets/redir.asp?item=1123.
Example:
Changed URLs:-
1. http://searchsecurity.techtarget.com.au/articles/22697-The-essentials-of-Web-application-threat-modeling
On redirection links:-
2. http://searchsecurity.techtarget.com.au/assets/redir.asp? - The Referrer Check is implemented.
A wrong input gives an error as:
Thats all.
Solutions: References:
1. http://portal.spidynamics.com/blogs/msutton/archive/2006/09/26/How-Prevalent-Are-SQL-Injection-Vulnerabilities_3F00_.aspx