Last week, In a live hack for the RSA conference in San Francisco, the hacker used a malicious JPEG to violate the system at an unnamed US Government agency that ran a vulnerable website which allows photo upload. This single photo upload of a vulnerable website leads to compromise of whole network.
“I’m going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller,” - he added.He further explaining his way to exploit the target system via exploiting the technique to upload a remote access trojan (RAT) created using the popular Metasploit Penetration Testing Software. For the successful exploitation he used couple of tools and compilers which were running on the Windows server.
The attack technique relies on the lack of input validation on the client side. vulnerable uploading portals which allows attacker to upload malicious content because it carries .jpge extension. This vulnerable uploading option validated the images submitted by the users, but not the file extension types, this means that once uploaded and previewed, the files display as the text that has been inserted into active content fields rather than the expected image.
Murray also posted a video demonstration of the attack, explaining the vulnerability and the exploitation of the targeted system .
So you can imagine that a simple input validation flaw on the system leads to compromise of whole network. I remembered a quote that I had read earlier is - "99.9% Security is 100% Vulnerable".