[WEB SECURITY] SQL Injection via UserHostAddress function

NeZa neza0x at gmail.com
Sat May 8 17:44:38 EDT 2010

There is a site which makes decisions based on the client ip address. This
info is gotten via .NET Page.Request.UserHostAddress method so, apart from
doing some kind of sniffing stuff which clearly would be the first attack
vector, I realized that once this value is gotten, it is directly paste into
a SQL query without proper encoding which could introduce a SQL Injection

So, wondering whether there is a way to alter the REMOTE Address value
without affecting the TCP connection?

But honestly, I am not sure how this UserHostAddress get the Remote IP
Address, is this via REMOTE_ADDR env? HTTP Header?

Another option that came to my mind is to use a Proxy which can alter this
value without affecting the TCP communication.

Any thought?

Daniel Regalado
NeZa Rifa!!!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20100508/d3a3f401/attachment.html>

More information about the websecurity mailing list