-1

I searched Google for the keyword "ASP.Net 4.0.30319 vulnerability". Finally, I found "Microsoft ASP.NET Forms Authentication Bypass" at the link below:

http://dl.packetstormsecurity.net/1203-exploits/SA-20120328-1.txt

But I don't know how to penetration test this vulnerability. In other words, if someone gives me an application implemented in ASP.Net 4.0.30319, I can't prove that this vulnerability exists.

My question is: how do I prove the existence of this vulnerability in an ASP.NET application? Are the necessary steps to patch this vulnerability done by the programmer?

za_al
  • The details in the link provide your answer. I'm not sure what else you are looking for. Your last sentence is very unclear. – schroeder Oct 26 '14 at 21:15

2 Answers

0

I had this same question, and after a bit more digging, I found it.

The PoC should be here (as said in the file you linked in the question):

Furthermore, SEC Consult created a PoC video which can be found here: https://www.sec-consult.com/files/20120328-1_asp.net_authentication_bypass_MS11_100.mp4

However, this link is broken. Luckily, a single copy was archived on the Wayback Machine back in 2012, where the video can be successfully viewed, demonstrating how the exploit works!

https://web.archive.org/web/20120612214447/https://www.sec-consult.com/files/20120328-1_asp.net_authentication_bypass_MS11_100.mp4

pigeonburger
0

First, please review the corresponding MS bulletin on this vulnerability (MS11-100), which you could have found by googling the CVE. I would recommend reading through this document, googling anything you do not understand, and then checking the patch and versions depending on your operating system.

If the corresponding patches are installed on the machine, this would indicate that it is not vulnerable. If you are using something like Nessus, you can prove it exists; there seems to be a Nessus plugin to check for this (plugin ID 57414).

Also, the link you provided has proof-of-concept code you can utilize.

For your last question, I am not intimately familiar with this, but from reading through these links it is a vulnerability in the framework, not in the way the code is authored, so if you are using a patched version of the framework this issue should not be present, but please read the details yourself to verify.

Eric G