Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yahoo Zero-Day Vulnerability - Code Point of View

Similar presentations


Presentation on theme: "Yahoo Zero-Day Vulnerability - Code Point of View"— Presentation transcript:

1 Yahoo Zero-Day Vulnerability - Code Point of View
Ebrahim Hegazy @Zigoo0 Cyber Security 12 April

2 Not this type of bugs!

3 Nor even This type Of hunting!

4

5 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r 4- Demo Videos

6 Bug Bounty Programs

7 Remote Code Execution Vulnerability
Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.

8 Eval

9 Live Example – WebPwn3r

10 4- Demo Videos

11


Download ppt "Yahoo Zero-Day Vulnerability - Code Point of View"

Similar presentations


Ads by Google