
Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

By taking advantage of this unexpected .NET behavior, the researcher found RCE issues in Barracuda Service Center, Ivanti Endpoint Manager, Umbraco 8 CMS, Microsoft PowerShell, and Microsoft SQL Server Integration Services. However, he believes many more products and private enterprise apps are likely vulnerable.

“The most powerful exploitation path arises when applications generate HTTP client proxies from attacker-supplied WSDL files using the ServiceDescriptionImporter class,” he said. “That mechanism alone enabled successful exploitation in products from Barracuda, Ivanti, Microsoft and Umbraco, and it took just a few days of analysis to find working cases.”

HTTP client proxies can handle non-HTTP protocols

The .NET Framework and ASP.NET are among the most popular programming languages for enterprise applications. When a developer wants their application to communicate with an XML Web Service over HTTP, they need to create a proxy class that’s derived from the built-in HttpWebClientProtocol class.
