[WEB SECURITY] SQL Injection via UserHostAddress function
neza0x at gmail.com
Sat May 8 17:44:38 EDT 2010
There is a site which makes decisions based on the client IP address. This
info is obtained via the .NET Page.Request.UserHostAddress method, so, apart from
doing some kind of sniffing stuff, which clearly would be the first attack
vector, I realized that once this value is obtained, it is directly pasted into
a SQL query without proper encoding, which could introduce a SQL injection.
So, I am wondering whether there is a way to alter the REMOTE address value
without affecting the TCP connection?

But honestly, I am not sure how this UserHostAddress gets the remote IP
address: is this via the REMOTE_ADDR env? An HTTP header?

Another option that came to my mind is to use a proxy which can alter this
value without affecting the TCP communication.
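The defensive point behind the question is that a server-side value such as the remote address must still be treated as untrusted input when it reaches a query: even if it is taken from the TCP peer rather than from a client-controlled header, whatever sits in front of the application (a load balancer, a reverse proxy module that rewrites REMOTE_ADDR) decides what the application sees. The following is an added example, not code from the original post or from the site it describes, written in Python with sqlite3 rather than the site's .NET stack to keep the pattern runnable; the table name client_rules, its rows and the sample remote-address values are constructed for the demonstration. It places the string-concatenated lookup the post describes beside a hardened version that first rejects anything that is not a syntactically valid IP literal and then binds the value as a query parameter.

```python
import ipaddress
import sqlite3


def build_db():
    # Constructed sample schema: one row per known client address with an
    # allow/deny decision. Not the real site's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE client_rules (ip TEXT PRIMARY KEY, allowed INTEGER)")
    conn.executemany(
        "INSERT INTO client_rules VALUES (?, ?)",
        [("10.0.0.5", 1), ("192.168.1.20", 0)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, remote_addr):
    # Mirrors the pattern described in the post: the remote address is pasted
    # straight into the query text. Returns raw rows so the effect of a
    # tampered value (extra rows matched) is visible.
    sql = "SELECT allowed FROM client_rules WHERE ip = '" + remote_addr + "'"
    return conn.execute(sql).fetchall()


def normalize_remote_addr(remote_addr):
    # Strict allow-list: the value must parse as an IPv4 or IPv6 literal.
    # Anything else (quotes, SQL keywords, hostnames) is rejected outright,
    # and the canonical form is returned so lookups are consistent.
    try:
        return str(ipaddress.ip_address(remote_addr.strip()))
    except ValueError:
        return None


def lookup_safe(conn, remote_addr):
    # Hardened lookup: validate first, then bind the value as a parameter so
    # the database never interprets it as SQL. Returns True/False for a
    # known decision, and None when the input was rejected (callers should
    # log that and fail closed rather than guess).
    ip = normalize_remote_addr(remote_addr)
    if ip is None:
        return None
    rows = conn.execute(
        "SELECT allowed FROM client_rules WHERE ip = ?", (ip,)
    ).fetchall()
    return bool(rows[0][0]) if rows else False


if __name__ == "__main__":
    db = build_db()
    # Constructed inputs: a normal address and a tampered one.
    for value in ("10.0.0.5", "10.0.0.5' OR '1'='1"):
        print(repr(value), "vulnerable ->", lookup_vulnerable(db, value),
              "| safe ->", lookup_safe(db, value))
```

Two layers are used on purpose: parameter binding alone already stops the injection, while the ipaddress check additionally guarantees the value is in the only shape the application should ever act on, so a rejected value is a signal worth alerting on rather than just a failed lookup.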