RE: AppSec Sample Reports

["Sutton, Paul A." <SuttonP () aafes com>]

I have not been able to locate a good "form report" for an assessment.
Currently I am working on one now I will post here when I am finished
and let me say it is nice so far. It should be relatively simple to
alter to most assessments which are one of my goals. If anyone has input
in wording the executive summary or the offer suggestions on the best
wrap-up let me know.

Paul Sutton
Network Data Security Analyst
Army Air Force Exchange Service
3911 S. Walton Walker Blvd.
Dallas, TX 75266-0202

-----Original Message-----
From: bill.louis () gmail com [mailto:bill.louis () gmail com] On Behalf Of
Alice Bryson
Sent: Tuesday, May 23, 2006 2:31 AM
To: pete () techsmartgroup com
Cc: webappsec () lists securityfocus com
Subject: Re: AppSec Sample Reports

You may see following as a sample:

WebCalendar CRLF Injection Vulnerability

I. BACKGROUND
WebCalendar is a PHP application used to maintain a calendar for one
or more persons and for a variety of purposes.

II. DESCRIPTION
CRLF injection vulnerability in WebCalendar layers_toggle.php allows
remote attackers to inject false HTTP headers into an HTTP request,
via a URL containing encoded carriage return, line feed, and other
whitespace characters.

III. PUBLISH DATE
Publish Date: 2005-12-1
Update Date: 2005-12-2

IV. AUTHOR
lwang (lwang at lwang dot org)

V. AFFECTED SOFTWARE
WebCalendar version 1.0.1 and 1.1.0 are affected. Older versions are
not verified.

VI. ANALYSIS
in layers_toggle.php, parameter $ret does not validation.
if ( empty ( $error ) ) {
// Go back to where we where if we can figure it out.
if ( strlen ( $ret ) )
do_redirect ( $ret );
else if ( ! empty ( $HTTP_REFERER ) )
do_redirect ( $HTTP_REFERER );
else
send_to_preferred_view ();

Proof of Concept:
http://victim/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_
to]
        

VII. SOLUTION
Input validation will fix the bug.

VIII. ADVISORY
http://vd.lwang.org/webcalendar_crlf_injection.txt

IX. REFERENCE
http://www.k5n.us/webcalendar.php



2006/5/23, Pete Soderling <pete () techsmartgroup com>:
> Hey all,
>
> I'm interested if anyone has any sample appsec vulnerability reports
to
> share. I'm interested in learning/evaluating the best ways to report
on
> vulnerabilities to a client, and it would be helpful to see different
ways
> others have done it. Obviously, I'm not interested in - and don't want
these
> to contain any client-specific or sensitive info - but if anyone has
any
> appropriate documentation to share it would be helpful.
>
> Also appreciated would be links to any other online projects dealing
with
> this - although I haven't found much yet. I know OWASP has a PenTest
> Reporter tool in the works that would fall into this category,
although it
> doesn't look like it's been officially released yet.
>
> Thanks for any help or suggestions.
>
> cheers,
> --pete
------------------------------------------------------------------------
-
> Sponsored by: Watchfire
>
> Watchfire named worldwide market share leader in web application
security
> assessment by leading market research firm. Watchfire's AppScan is the
> industry's first and leading web application security testing suite,
and
> the only solution to provide comprehensive remediation tasks at every
> level of the application. See for yourself.
> Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
>
------------------------------------------------------------------------
--
>


-- 
Homepage: http://www.lwang.org
mailto:abryson () bytefocus com

------------------------------------------------------------------------
-
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application
security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and

the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
------------------------------------------------------------------------
--


-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's
because hackers know to exploit weaknesses in web applications.
Traditional approaches to securing these assets no longer apply. Download
the "Addressing Challenges in Application Security" whitepaper today, and
see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9m
--------------------------------------------------------------------------