Discovering Hidden Treasures: Extracting Secrets from Blazor Apps!

MrFreakyclown

11 Jan 202404:25

Summary

TLDRIn this video, the presenter discusses a vulnerability found in Microsoft's Blazer applications, particularly on the client-side where web assembly files are delivered through the browser. They reveal how developers sometimes inadvertently expose sensitive information in downloadable dynamic link libraries (DLLs), which can be extracted from local storage. The presenter introduces a nuclei template to identify such vulnerabilities and shares their experience of scanning numerous domains, including private bug bounty programs, to uncover potential security issues. The video concludes with a call to use the template responsibly for enhancing security rather than for malicious purposes.

Takeaways

🔍 The video discusses a vulnerability found in Blazer applications, a framework by Microsoft that compiles code into Web Assembly (WASM) files.
🛠️ Blazer applications can be built in two ways: server-side execution, which is more secure, and client-side execution, which is less secure and the focus of the vulnerability.
📁 Blazer apps use a bootloader in JSON format, which includes dynamic link libraries (DLLs) that are downloaded through the browser and stored in local storage.
🕵️‍♂️ The presenter discovered that developers sometimes inadvertently include sensitive information within these DLLs, which can be extracted and examined.
💡 The video provides insight into how to identify and extract sensitive information from DLLs, which can lead to the compromise of other services.
🛑 The presenter warns that while the vulnerability exists, it has already been extensively searched in bug bounty domains with no new findings expected soon.
📝 A nuclei template has been created by the presenter to automate the search for these JSON files and to differentiate between framework and custom DLLs.
🌐 The nuclei template was tested on a list of 10 million domains, revealing around 700 client-side Blazer configurations, but none with active bug bounty programs.
🚨 The video emphasizes the importance of using the nuclei template and similar tools for ethical security work to improve the security landscape.
🤝 The presenter and their team are proactively contacting domain owners to inform them of the issue, promoting responsible disclosure and collaboration.
📈 The video serves as a reminder of the ongoing need for vigilance in software development and security practices to protect against vulnerabilities.

Q & A

What is the main focus of the video?
-The video discusses a vulnerability discovered in Blazer applications and explains how it works, as well as how to use a nuclei template to identify similar issues.
What is Blazer and what does it do?
-Blazer is a framework written by Microsoft that compiles code into a web assembly (wasm) file, which is then delivered to the client and compiled and run there on the fly.
How are Blazer applications typically built and what are the security implications?
-Blazer applications can be built in two ways: server-side, which is more secure as the client doesn't see all the data, or client-side, where the wasm is delivered directly through the browser, which is less secure.
What is the role of the Json bootloader in Blazer applications?
-The Json bootloader in Blazer applications contains instructions and dynamic link libraries (DLLs) that are downloaded and run by the client's browser to execute the application.
Why are the DLLs in Blazer applications a potential security risk?
-The DLLs are downloaded through the browser and kept in local storage, which can be accessed to find sensitive information such as database configurations and passwords if developers mistakenly include them.
What did the video creator do after discovering the vulnerability?
-The creator wrote a nuclei template to automate the process of identifying vulnerable Blazer applications and sensitive information within the DLLs.
What did the video creator and their team do with the nuclei template?
-They used the nuclei template to scan through bug bounty domains and private bug bounty programs to identify any active vulnerabilities.
What was the outcome of the scan using the nuclei template on bug bounty domains?
-They found no active vulnerabilities in bug bounty programs, suggesting that the issue may have been addressed or is not widespread in these domains.
How did the video creator further test the nuclei template?
-They used the nuclei template to scan a list of 10 million live domains derived from the 15 million most popular domains on the internet.
What was the result of scanning the 10 million live domains?
-They identified about 700 client-side Blazer configurations but did not find any with active bug bounty programs.
What is the ethical stance of the video creator regarding the use of the nuclei template?
-The video creator encourages the use of the nuclei template for ethical security work to improve the security of applications, not for malicious purposes.