Hacking News no image

Published on April 21st, 2013 📆 | 5901 Views ⚑

0

SCIP – Indentify, Enumerate and Execute Invisible ASP.net Controls

SCIP is an OWASP ZAP extension designed to assess the security of ASP.net and Mono applications, while abusing platform specific behaviors and misconfigurations. 

The extension currently supports the following features: 

Identify the existence of invisible, commented and disabled server side web controls in ASP.net – passively (!). Identify which ASP.net security configuration is active in each page (EventValidation, MAC), and in which cases the invisible controls are exploitable – passively (!) 
Enumerate the names of invisible controls using built-in customizable dictionaries with ASP.net naming conventions.
Rebuild the event validation whenever possible (MAC=off)

Execute invisible controls when either one of the security features is turned OFF, or when there is a server-side callback implementation flaw.
 
Execute disabled controls and commented out controls regardless of security
Support additional manual techniques for executing controls despite the security features.

The extension can be obtained from the project’s website or from ZAP’s built-in marketplace feature: 

https://code.google.com/p/ria-scip/

Loading…

Premium WordPress Themes Download
Premium WordPress Themes Download
Download WordPress Themes Free
Download Best WordPress Themes Free Download
download udemy paid course for free

Tagged with:



Leave a Reply


Back to Top ↑