Scan has no HTTP Response (204 Views)
Reply
Occasional Contributor
Kate66
Posts: 3
Registered: ‎02-25-2014
Message 1 of 2 (204 Views)

Scan has no HTTP Response

Hi,

 

We are running WebInspect 10.1.177.0. On our recent scan with .NET web app, we found "possible format string injection" and "possible parameter based buffer overflow" vulnerablilites. However, under "Session Info" menu, the "HTTP Response " menu was grey.  If opening HTTP editor, we only saw HTTP Request and the reponse viewer is blank.

 

Do the blank responses mean the vulnerablities are confirmed or something was wrong during the scan?

 

Thanks for any help.

 

Kate66

Respected Contributor
HansEnders
Posts: 613
Registered: ‎07-01-2008
Message 2 of 2 (191 Views)

Re: Scan has no HTTP Response

I believe these null Responses are in the nature of these two probes.

 

From the Execution section of the Possible Format String Injection, it does indicate that the vulnerable response could include crashes, so I would assume a null response could be an option as well.

<<

To test for format string injection vulnerabilities, submit the string value "%n%s%n%s%n%s%n%s" in form input fields and watch to see if the application behaves oddly, such as crashing or returning a response that indicates a memory access exception occurred.

>>

 

 

As for the possible Parameter Based Buffer Overflow, there are three of these;  #5057 with 2100 bytes, #10254 with 270 bytes, and #10253 with 70 bytes.  The BO checks performed by WebInspect are not pure exploits, but more like "pulled punches".  They provide most of the payload, but not all of it, and then WebInspect is seeking a timed-out session or other delay in the Response timing that indicates the server is having trouble managing the Request and that providing it the full exploit could push it over the brink.  So for any Buffer Overflow check, I would not be surprised to see a null HTTP Response.


-- Habeas Data
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.