Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yahoo Zero-Day Vulnerability - Code Point of View

Published byDustin Glenn Modified over 6 years ago

Similar presentations

Presentation on theme: "Yahoo Zero-Day Vulnerability - Code Point of View"— Presentation transcript:

1 Yahoo Zero-Day Vulnerability - Code Point of View
Ebrahim Hegazy @Zigoo0 Cyber Security 12 April

2 Not this type of bugs!

3 Nor even This type Of hunting!

4

5 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r 4- Demo Videos

6 Bug Bounty Programs

7 Remote Code Execution Vulnerability
Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.

8 Eval

9 Live Example – WebPwn3r

10 4- Demo Videos

11

Download ppt "Yahoo Zero-Day Vulnerability - Code Point of View"

Similar presentations

©2009 Justin C. Klein Keane PHP Code Auditing Session 4.2 – File Include Vulnerabilities Justin C. Klien Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 4.2 – File Include Vulnerabilities Justin C. Klien Keane
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Testing by Duncan Butler Sara Stephens. Too much to cover.

Testing by Duncan Butler Sara Stephens. Too much to cover.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
SOFTWARE SECURITY JORINA VAN MALSEN 1 FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities in Rich Web Applications.

SOFTWARE SECURITY JORINA VAN MALSEN 1 FLAX: Systematic Discovery of Client-Side Validation Vulnerabilities in Rich Web Applications.
XSS: Cross Site Scripting Alan Geleynse. Example

XSS: Cross Site Scripting Alan Geleynse. Example
Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.

 Protect customers with more secure software  Reduce the number of vulnerabilities  Reduce the severity of vulnerabilities  Address compliance requirements.
Security of Web Technologies: WebObjects Keshava P Subramanya

Security of Web Technologies: WebObjects Keshava P Subramanya
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Storage Issues 09/05. ownCloud Open source software ◦ php + javascript Main Features: ◦ Access Data ◦ Sync Data ◦ Share Data.

Storage Issues 09/05. ownCloud Open source software ◦ php + javascript Main Features: ◦ Access Data ◦ Sync Data ◦ Share Data.
Cyber vulnerabilities and the threat of attack: Making things better:

Cyber vulnerabilities and the threat of attack: Making things better:
Application Security Testing A practitioner’s rambling advice & musings.

Application Security Testing A practitioner’s rambling advice & musings.
ISE Confidential - not for distribution THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY 11 December 2013.

ISE Confidential - not for distribution THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY 11 December 2013.
Dream Team Corporation Library Management System National Innovation Foundation library Configuration and Testing Alexander Kanavin

Dream Team Corporation Library Management System National Innovation Foundation library Configuration and Testing Alexander Kanavin
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.

APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009.

Behind Enemy Lines Administrative Web Application Attacks Rafael Dominguez Vega 12 th of March 2009.
Web Application Vulnerabilities ECE 4112 Internetwork Security, Spring 2005 Chris Kelly Chris Lewis April 28, 2005 ECE 4112 Internetwork Security, Spring.

Web Application Vulnerabilities ECE 4112 Internetwork Security, Spring 2005 Chris Kelly Chris Lewis April 28, 2005 ECE 4112 Internetwork Security, Spring.
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Security Overview Luca Canali, CERN Distributed Database Operations Workshop April 20-21.

CERN IT Department CH-1211 Genève 23 Switzerland t Security Overview Luca Canali, CERN Distributed Database Operations Workshop April

Similar presentations

Ads by Google