Friday 2 February 2018

Security Bugs and resolution in Sharepoint

1. For Cookies HTTP Only Flag Not Set :

Solution:

Set the following property in the web.config

<httpCookies httpOnlyCookies="true" …>
or
This can be  configured by adding  following in global.asax, This file is located at the Virtual Directory of the Web-application , So Go to IISManager  & Right Click on Web-app >> Explore .
protected void Session_Start(Object sender, EventArgs e)
{
 try
 {
  if (Request.IsSecureConnection == true)
  {
                Response.Cookies ["ASP.NET_SessionId"].Secure = true;
  }
 }
 catch (Exception)
 {
 }
}
</SCRIPT>

Reference: https://www.owasp.org/index.php/HttpOnly

2.  User controllable HTML element attribute (potential XSS)"
Solution :

Set the following Properties in the Web.Config

<system.web>
  <pages buffer="true" validateRequest="true" />

</system.web>


Reference: http://msdn.microsoft.com/en-us/library/ff649310.aspx


3. Prevent Anononymous users from accessing the  layouts directory:

Solution :

Set the following Properties in the Web.Config

<location path="_layouts/viewlsts.aspx">
            <system.web>
                  <authorization>
                       <allow users="domainname\user1,domainname\user2"/>
                        <deny users="?" />
                        <deny users="*" />

                  </authorization>

            </system.web>

      </location>

Reference:

http://www.sharemuch.com/2013/10/07/how-to-prevent-anonymous-users-from-accessing-your-sharepoint-_layout-directory/
http://blogs.technet.com/b/vedant/archive/2009/07/13/locking-down-sharepoint-sites.aspx
http://social.msdn.microsoft.com/Forums/office/en-US/c9c259b2-ba48-4c6b-9a71-0bfb3bad9f91/restrict-access-to-layouts-pages-to-anonymous-users-in-internet-facing-sharepoint-2007-sites?forum=sharepointdevelopmentlegacy


4) View state without MAC signature (Unsure)"vulnerability detected by zapa tool :


Solution :
Set the following Properties in the Web.Config





Pl refer the link to enable MAC Signature

This issue is generated in Internal URL i.e : http://example.com.

So We need to make the change in the web.config file of that port number.

http://www.codeproject.com/Articles/31344/Beginner-s-Guide-To-View-State


5X-frame-options

Solution:

To configure IIS to add an X-Frame-Options header to all responses for a given site, follow these steps:
  1. Open Internet Information Services (IIS) Manager.
  2. In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect.
  3. Double-click the HTTP Response Headers icon in the feature list in the middle.
  4. In the Actions pane on the right side, click Add.
  5. In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field.
  6. Click OK to save your changes.

6 ) ASP.Net View State Disclosure:

Solution:

<%@ Page ViewStateEncryptionMode="Always" %>
or 
<configuration>
   <system.web>
      <pages viewStateEncryptionMode="Always">



7) Generic Padding Oracle:

Solution:


<configuration>        

   <system.web>

      <customErrors mode="On" defaultRedirect="~ /Pages/DukhanErrorPage.aspx" />

   </system.web>        

</configuration>


8) Content Security Policy (CSP) Header Not Set:

Solution:

Add the following in HTTP Response of the Port

Content-Security-Policy: default-src 'self'


9) Backup File Disclosure threat:

Solution:

Take out all the unnecessary files in the layouts folder 

10) Server Leaks Information (X-Powered By):

Solution:


To remove the X-Powered-By header from IIS 7...
1.    Launch the Internet Information Services (IIS) Manager
2.    Expand the Sites folder
3.    Select the website to modify and double-click the HTTP Response Headers section in the IIS grouping.
4.    Each custom header is listed here, as the screen shot below shows. Select the header to remove and click the Remove link in the right-hand column.

http://www.4guysfromrolla.com/articles/120209-1.aspx 

11) Anti CSRF token Scanner:

Solution:

requestdigest-header = "X-RequestDigest" ":" requestdigest-value
requestdigest-value = 1*TEXT


http://msdn.microsoft.com/en-us/library/dd964175(v=office.12).aspx


http://msdn.microsoft.com/en-us/library/office/gg552614(v=office.14).aspx#bestpractice_crossrequest






12) ASP.NET View State Disclosure:




Solution:










<%@ Page ViewStateEncryptionMode="Always" %>




Or






<configuration>
   <system.web>
      <pages viewStateEncryptionMode="Always">




13) Information-disclosure:






Solution:





As per the Article this is a known issue in Microsoft For
More Information Please Refer the Link.







http://support.microsoft.com/kb/2827663











14) Hash Disclosure - Mac OSX salted SHA-1 security threat:







Solution:








As per the Article this is a known issue in Microsoft SP2013.







For More Information Please Refer the Link.



https://technet.microsoft.com/en-us/library/security/ms13-067.aspx











15) Example Passive Scanner: Denial of Service:







Solution:







To run netsh ipsecdosprotection commands



1.     At a command prompt
with administrator permissions, type netsh, press ENTER, type ipsecdosprotection, and then press ENTER again.



2.     Alternatively, if you
are at the command prompt but have not entered a netsh context, you can type: netsh
ipsecdosprotectioncommand



3.     add allowedkeyingmodule ikev1











For More Information Please Refer the Link.
http://technet.microsoft.com/en-us/library/ee621831(v=ws.10).aspx






16) Source Code Disclosure - SVN security threat:




Solution:










17) Hash Disclosure - MD4 / MD5 :







Known Issue in SharePoint 2013 it allows Hash Disclosure
please refer the link.



https://technet.microsoft.com/library/security/ms13-030



http://support.microsoft.com/kb/2827663











18) Directory listing detected: 













1.    
 Open IIS Manager and navigate to the level you
want to manage. 








2.    
In Features
View, double-click Directory Browsing.








3.    
In the Actions pane, click Enable if the Directory
Browsing feature
is disabled and you want to enable it. Or, click Disable if the Directory
Browsing feature
is enabled and you want to disable it.























19) Disabled Controls" vulnerability 




Wont fix : default sharepoint behaviour




20) ASP & ASPX Errors:






Wont fix : default sharepoint behaviour




21) Sharepoint Suffers from XSS and information disclosure flaws:



http://watchguardsecuritycenter.com/2013/04/09/sharepoint-suffers-from-xss-and-information-disclosure-flaws/



22) Directory Listing Detected:







http://www.networksteve.com/enterprise/topic.php/SharePoint_Security_Vulnerability/?TopicId=4609&Posts=7



New Solutions:



Framable Page 












<system.webServer>


  ...


 


  <httpProtocol>


    <customHeaders>


      <add name="X-Frame-Options" value="SAMEORIGIN" />


    </customHeaders>


  </httpProtocol>


 


  ...


</system.webServer>



23) Cookie Does Not Contain The "secure" Attribute:







This can be configured by adding  following in global.asax, This file is located atthe Virtual Directory of the Web-application , So Go to IISManager  &
Right Click on Web-app >> Explore .













GLobal .Asax file found under 



<SCRIPT language="C#"
runat="server">



protected void Session_Start(Object sender, EventArgs e)



{



 try



 {



  if
(Request.IsSecureConnection == true)



  {



               
Response.Cookies ["ASP.NET_SessionId"].Secure = true;



  }



 }



 catch (Exception)



 {



 }



}



</SCRIPT>

24) 



WINDOWS SERVER 2008 OR WINDOWS
SERVER 2008 R2 2520 ERROR cHECKING



1.       On the taskbar, click Start, point to Administrative Tools, and then
click Server Manager.



2.       In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).



3.       In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.







4.       On the Select Role Services page of the Add Role Services Wizard,
select Request Filtering,
and then click Next. 





5.       On the Confirm Installation Selections page, click Install.



6.       On the Results page, click Close.






































































By



at





No comments:
  


































          

        

          

        

Wednesday 24 September 2014


          

        

















The following Script for Saving Site as a Template using Powershell:





$Web=Get-SPWeb http://Servername:port/yourSite



$Web.SaveAsTemplate("Template Name","Template Title","Template 



Description",1)



Msdn



# Get a reference to the target site



$web = Get-SPWeb http://yoursitename



# Update the property bage value and set it  to the string value "true"



$web.AllProperties["SaveSiteAsTemplateEnabled"] = "true"



# Commit the property change to server



$web.Update()





Please Note that your site should be a publishing Site if not Enable it under Site Options - Set Publishing to true 






















By



at





No comments:
  


















Labels:

































The following Script helps us whether the SMTP service is Set on Our Sharepoint Site.





$site = New-Object Microsoft.SharePoint.SpSite("Your Site Name")
$web = $site.OpenWeb()
$sent = [Microsoft.Sharepoint.Utilities.SpUtility]::SendEmail

($web,0,0,”yourmail@domain.com”,”Test mail subject”,”test mail 
body”)
$sent



If the SMTP settings are configured Properly in the Server then a test mail will be delivered to the given Mail ID. 

































By



at





No comments:
  


















Labels:

















        

      









Subscribe to:
Posts (Atom)