- Type: Bug
- Status: Rejected
- Priority: Medium
- Resolution: Cancelled
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels:
- Environment: Stage
- Bug Type: Functional
- Bug Severity: Medium
- Level: Employee
- Module: BenAdmin - Security
- Reported by: Harbinger
- Item State: Development - On Hold
[Security] [ZAP-Active Scan Alert] Buffer Overflow error reported for images load request in Benadmin.
URL : https://stage.workterra.net/BenAdmin/Images/benadmin-logo.png
Method : GET
Parameter : query
Attack :
GET https://stage.workterra.net/BenAdmin/Images/benadmin-logo.png?query=[long random alphabetic string] HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://stage.workterra.net/Platform/UserDetails/UserDetails/EmployeeAgreement?InputType=9z0E7HUDFw5SKo3KBuo7SIzEyO6XP6fcXaGmHkabhLo%3d
Cookie: __RequestVerificationToken_L1BsYXRmb3Jt0=2SmNWnxiViamQP6s84v4-hFJ7JZ7qmfgd1gg4W6NR8CpnLCVX19j-4XUMEFt02_HZTHwVvXgXkSQ2N6-KoeIpveCWlH3iNPHHAHW2nbAMW41; WTCookie=z4pyloighywxm4a3yxncmu14; IdForLoginValidation=9d5b2c47cbd242669377ae0539cd012c
Connection: keep-alive
Cache-Control: max-age=0
Content-Length: 0
Host: stage.workterra.net
Solution :
Rewrite the background program using proper return length checking. This will require a recompile of the background executable.
Other information :
Potential Buffer Overflow. The script closed the connection and threw a 500 Internal Server Error.
Reference: https://www.owasp.org/index.php/Buffer_overflow_attack
Please refer to the attached HTML report for more details.
CC: Rakesh Roy, Sachin Hingole, Hrishikesh Deshpande, Samir, Vijayendra Shinde, Vijay Siddha, Bharti Satpute, Gaurav Sodani, Nidhi Kaul
- relates to: NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment. (To Do)