当前位置:首页 > 报告详情

加雷斯·海耶斯_分裂邮件原子利用解析器绕过访问控制.pdf

上传人: 张** 编号:175510 2024-09-13 61页 6.40MB

1、Splitting The Email AtomExploiting Parsers To Bypass Access ControlsGARETH HEYESOutlineWhy email address parser discrepancies matterThe shaky foundationParser discrepancies-Unicode overflows-Encoded-word-PunycodeMethodology/ToolingDefenceTakeawaysADD FUNKY STARS1.2.3.4.5.6.Why email address parser d

2、iscrepancies matterPredicting an email destination is extremely difficultThe shaky foundationRFC2822RFC“features”Quoted local- foo Quoted C(bar)foo(bar)(bar) The wrong questionWhich email is valid?#$&*+/=?_|-%(!#$&*+/=?_|-#$&*+/=?_|-%(Results in email to:#$&*+/=?_|-Which email domain does it go to?!

3、#$&*+/=?_|-Results in email to:#$&*+/=?_|- Separated by commas Final destination declared using colonSource ,:The percent hack foo%foo UUCP(Unix To Unix Copy)Early protocol before the internet Separates host and user part with exclamation mark Called the bang path Opposite order to an email !userArc

4、haic protocols back from the deadTreated as a source route(Postfix 3.6.4)Treated as UUCP(Sendmail 8.15.2)!foo foo%(UUCP/source route discovery processThe targets special characters:a-z0-9!#$%&*+/=?_|.-+a-z0-9-+(.a-z0-9-+)*!#$%&*+/=?_|-UUCP/source route discovery processUUCP/source route discovery OR

5、CPT=test;DEF CON Bonus slide:SMTP parameters in P!collab(DEF CON Bonus slide:More surprising email parsingcollab%127.0.0.1DEF CON Bonus slide:More surprising email parsingUnicode overflowsPHP chr()function generates characters 0 x00-0 x100/0-255How unicode overflows workwhile($bytevalue 0)$bytevalue

6、+=256;$bytevalue%=256;Generating an unicode overflowReal world unicode overflowsTakeaway:Smuggle characters using unicode overflows to bypass validationEncoded-wordHow encoded-word works Probing for encoded-wordEncoded-word case studiesExploiting Gitlab Enterprise servers with encoded spacesImpact:G

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文探讨了电子邮件地址解析的不一致性及其在安全方面的影响。作者Gareth Heyes详细说明了电子邮件地址解析中的多种漏洞,如Unicode溢出、编码字段和注释等,这些漏洞可被利用来绕过访问控制。他提出了一个方法论和工具,用于检测和利用这些漏洞,如使用编码字段来验证不受控制的电子邮件地址,或通过Unicode溢出来绕过验证。文章还讨论了早期协议如UUCP对现代电子邮件解析的影响,以及特殊字符组合如何影响电子邮件的目的地。最后,作者提供了防御措施,如禁用或过滤编码字段、始终验证电子邮件以及不要仅基于电子邮件域做出安全决策。
"电子邮件解析漏洞的影响有哪些?" "如何利用电子邮件解析漏洞进行绕过访问控制?" "如何防御电子邮件解析漏洞?"
客服
商务合作
小程序
服务号
折叠