code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting
Preview meta tags from the code-white.com website.
Linked Hostnames
17- 24 links tocode-white.com
- 14 links toreferencesource.microsoft.com
- 9 links togithub.com
- 3 links tolearn.microsoft.com
- 3 links towww.nuget.org
- 2 links totwitter.com
- 2 links towww.linkedin.com
- 1 link tobsky.app
Thumbnail
Search Engine Appearance
CODE WHITE | Leaking ObjRefs to Exploit HTTP .NET Remoting
Although already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web applications, both on-premises and on Azure. In this blog post, we will elaborate on an hidden attack surface in ASP.NET web applications that might unknowingly leak internal object URIs, which can be used to perform .NET Remoting attacks via HTTP, possibly allowing unauthenticated remote code execution.
Bing
CODE WHITE | Leaking ObjRefs to Exploit HTTP .NET Remoting
Although already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web applications, both on-premises and on Azure. In this blog post, we will elaborate on an hidden attack surface in ASP.NET web applications that might unknowingly leak internal object URIs, which can be used to perform .NET Remoting attacks via HTTP, possibly allowing unauthenticated remote code execution.
DuckDuckGo
CODE WHITE | Leaking ObjRefs to Exploit HTTP .NET Remoting
Although already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web applications, both on-premises and on Azure. In this blog post, we will elaborate on an hidden attack surface in ASP.NET web applications that might unknowingly leak internal object URIs, which can be used to perform .NET Remoting attacks via HTTP, possibly allowing unauthenticated remote code execution.
General Meta Tags
4- titleCODE WHITE | Red Teaming & Attack Surface Management
- charsetutf-8
- viewportwidth=device-width, initial-scale=1
- descriptionAlthough already considered deprecated in 2009, .NET Remoting is still around. Even where developers might not expect it such as in ASP.NET web applications, both on-premises and on Azure. In this blog post, we will elaborate on an hidden attack surface in ASP.NET web applications that might unknowingly leak internal object URIs, which can be used to perform .NET Remoting attacks via HTTP, possibly allowing unauthenticated remote code execution.
Open Graph Meta Tags
5- og:titleCODE WHITE | Leaking ObjRefs to Exploit HTTP .NET Remoting
- og:descriptionHow leaking valid `ObjRef`s to target .NET Remoting for Remote Code Execution is not considered a vulnerability – at least according to Microsoft.
- og:typearticle
- og:urlhttps://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
- og:imagehttps://code-white.com/images/featured.png
Link Tags
20- alternatehttps://code-white.com/index.xml
- alternatehttps://code-white.com/blog/index.xml
- canonicalhttps://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
- stylesheethttps://code-white.com/css/header.css
- stylesheethttps://code-white.com/css/style.css
Links
67- http://go.microsoft.com/fwlink/?LinkID=127777
- https://bsky.app/intent/compose?text=Leaking%20ObjRefs%20to%20Exploit%20HTTP%20.NET%20Remoting%20How%20leaking%20valid%20%3ccode%3eObjRef%3c%2fcode%3es%20to%20target%20.NET%20Remoting%20for%20Remote%20Code%20Execution%20is%20not%20considered%20a%20vulnerability%20%e2%80%93%20at%20least%20according%20to%20Microsoft.%20https%3a%2f%2fcode-white.com%2fblog%2fleaking-objrefs-to-exploit-http-dotnet-remoting%2f
- https://code-white.com
- https://code-white.com/#about-us
- https://code-white.com/#initial