a few security issues
play

A few security issues to takeover 34% of all websites Johannes - PowerPoint PPT Presentation

Aug 14, 2023 •259 likes •643 views

A few security issues to takeover 34% of all websites Johannes Dahse, PHP.RUHR 2019 Dortmund, Germany, 08.11.2019 1 Intro Johannes Dahse Former CTF addict Security Consultant RIPS open source, static analysis for PHP security Ph.D. Static

  1. A few security issues to takeover 34% of all websites Johannes Dahse, PHP.RUHR 2019 Dortmund, Germany, 08.11.2019 1

  2. Intro Johannes Dahse Former CTF addict Security Consultant RIPS open source, static analysis for PHP security Ph.D. Static Code Analysis @ Ruhr-University Bochum Co-Founder RIPS Technologies GmbH (since 2016) 2

  3. 3

  4. Usage of content management systems, W3Techs Why WordPress? 500 KLOC PHP (+55.000 plugins) RoR WordPress is used by 34.5% of the top 1M websites WordPress has a CMS market share of 61.2% ~240M unique domains = ~80M WordPress sites Python ~40M hosted on wordpress.com whitehouse.gov, Bloomberg, NBC, CNN, BBC, NYTimes 4

  5. Roadmap Pre-Auth Exploit authenticated functionality 5

  6. CVE-2019-9787 WordPress < 5.1.1 CSRF to Stored XSS 6

  7. Cross-Site Request Forgery (CSRF) Comment via CSRF is a feature for trackbacks and pingbacks, but most HTML tags and attributes are stripped 7

  8. Cross-Site Request Forgery (CSRF) attacker.com 8

  9. XSS filter bypass 9

  10. XSS filter bypass <a rel="rips" title='XSS " onmouseover=evilCode() id=" '> 10

  11. XSS filter bypass <a rel="rips" title='XSS " onmouseover=evilCode() id=" '> <a rel="rips" title= "XSS " onmouseover=evilCode() id=" ' "> 11

  12. Exploit Regular comment (filter_kses) 12

  13. Exploit Regular comment (filter_kses) mysuperblog.com 13

  14. Exploit Regular comment (filter_kses) mysuperblog.com Admin comment via CSRF <a rel="rips" title= "XSS " onmouseover=evilCode() id=" ' "> (filter_post_kses) 14

  15. Roadmap Pre-Auth Exploit authenticated functionality 15

  16. CVE-2018-12895 WordPress < 4.9.7 File Delete to RCE 16

  17. Second-Order File Delete 17

  18. Second-Order File Delete 18

  19. Video: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ 19

  20. Roadmap Pre-Auth Exploit authenticated functionality 20

  21. CVE-2019-8942 CVE-2019-8943 WordPress < 5.0.1 PT & LFI to RCE 21

  22. Modify Post Meta Data _wp_attached_file 22

  23. Modify Post Meta Data _wp_attached_file _wp_page_template : Loads template file from /template/ dir No way to upload malicious template file 23

  24. Image Crop Look for file in uploads/ directory Or try to fetch file via HTTP 24

  25. File Resolving 25

  26. File Resolving evil.jpg?/../../template/evil.jpg 26

  27. Modify Post Meta Data - File Inclusion 27

  28. evil.jpg include ( 'templates/evil.jpg' ); 28

  29. Video: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/ 29

  30. Imagick does not crop image exif meta data, GD does strip exif meta data when cropping Bonus: CVE-2019-6977 PHP GD Extension Buffer Overflow 30

  31. Roadmap Pre-Auth Exploit authenticated functionality 31

  32. WP Plugins Advent Calendar 32

  33. WordPress Security Advent Calendar Critical bugs in 16 most-used plugins 21 million total active installations 8x WooCommerce (4M active installs) 33

  34. WordPress.org Stored XSS Worm 34

  35. Plugin Repository WP Plugin SVN 35

  36. Stored XSS <script>worm()</script> → XSS worm can add a new user as committer to this plugin, who then infects the version again, and adds a backdoor to the plugin 36

  37. Thank you! blog.ripstech.com Advent calendar 2019 announced soon! johannes@ripstech.com / @FluxReiners 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS ROCK CK S STEVENS, KEVIN HALLIDAY, MICHELLE MAZUREK // UNIV IVERSIT ITY O OF M MARYLAND JOSIAH DYKSTRA, JAMES CHAPMAN, ALEX FARMER //

290 views • 27 slides
Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

LASER Workshop 2020 Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens , Kevin Halliday, Michelle Mazurek / / University of Maryland Josiah Dykstra, James Chapman, Alexander F armer

345 views • 22 slides
Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution

Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution

Identifying Security Issues Identifying Security Issues in the Retail Payments System Evolution of Payments System Fraud David A Poe - Director David A. Poe - Director June 5, 2008 Fraud has moved from amateurs operating locally to

80 views • 6 slides
CS 410/510: Web Security Motivation Security issues are having a real impact 2016

CS 410/510: Web Security Motivation Security issues are having a real impact 2016

CS 410/510: Web Security Motivation Security issues are having a real impact 2016 election Stuxnet Snowden F-35 fighter Bangladesh heist Problem Example: Russian 2016 election hacking Influence election via fake news

556 views • 20 slides
Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in 16 January 2002 Security Issues in Mobile Agents 1 Overview of the Talk The Mobile Agent Paradigm Security Threats and Counter Measures

587 views • 24 slides
Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 18 Page 1 CS 236 Online Outline Routing security DNS security Lecture 18 Page 2

556 views • 31 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 2) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Outline Part1. Bugs in File Systems Semantic inconsistency

1.27k views • 115 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part

System Security Overview with an Emphasis on Security Issues for Storage and Emerging NVM (Part 1) Byoungyoung Lee ( ) byoungyoung@snu.ac.kr Seoul National University 1 Speaker: Byoungyoung Lee ( ) Research areas:

1.47k views • 106 slides
Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera

Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera

Social Security Disability Program s: SSDI and SSI Overview and Current Issues Scott Szymendera Congressional Research Service July 2 2 , 2 0 1 0 SOCIAL SECURITY DISABILITY Social Security Supplemental Security Disability Insurance Income

291 views • 13 slides
Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by:

Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by:

Harry &amp; Maes Inc Client Presentation; Security Issues and Recommendations Presented by: Angel Hooper, IT Security Consultant February 19, 2017 CYBR 650 Summary Due to a data breach, impacting 25,000 customers, Harry &amp; Maes has

618 views • 34 slides
Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from

2015/10/30 Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber Security and

397 views • 13 slides
Issues of food security in South Africa and FAOs role in eradication of food insecurity and

Issues of food security in South Africa and FAOs role in eradication of food insecurity and

Issues of food security in South Africa and FAOs role in eradication of food insecurity and malnutrition Pulses and Food Security Discussion Forum 2-3 June 2016 Kempton Park, Gauteng Presented by Dr Tobias Takavarasha, FAO Representative,

490 views • 14 slides
Women, Peace and Security in the Asia Pacific: Issues

Women, Peace and Security in the Asia Pacific: Issues

Women, Peace and Security in the Asia Pacific: Issues and Challenges Kamala Chandrakirana Canberra, November 2013 What is the WPS agenda and how

418 views • 24 slides
Security in the age of social media Exploring the benefits and security risks Please note the

Security in the age of social media Exploring the benefits and security risks Please note the

Sponsored by Security in the age of social media Exploring the benefits and security risks Please note the audio line will remain silent until 5 minutes before the webcast commences. Join our expert panel to discuss your security issues

481 views • 24 slides
Nonlinear Control Lecture # 12 Nonlinear Observers and Output Feedback Stabilization Nonlinear

Nonlinear Control Lecture # 12 Nonlinear Observers and Output Feedback Stabilization Nonlinear

Nonlinear Control Lecture # 12 Nonlinear Observers and Output Feedback Stabilization Nonlinear Control Lecture # 12 Nonlinear Observers and Output Feedback Stabilization Local Observers x = f ( x, u ) , y = h ( x ) x = f ( x, u )

467 views • 30 slides
WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise

WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise

Advanced Network Security WiFi security Joeri de Ruiter Agenda WiFi security WPA(2) Personal Enterprise WPA3 Key reinstallaton aaacas 2 WiFi IEEE 802.11 standard Some terminology: Staton (STA) is a

479 views • 46 slides
A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer

A Dependently Typed Framework for Maintaining Invariants Lszl Nmeth Department of Computer Science Bilgi University, Istanbul TYPES06 - Nottingham Lszl Nmeth A Dependently Typed Framework for Maintaining Invariants

434 views • 11 slides
The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry

The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry

L M U Ludwig Maximilians Universitt Mnchen The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry and Sebastian Schaffert http://www.pms.informatik.uni-muenchen.de Institut f ur Informatik, LMU

217 views • 21 slides
Dont trust user input Kirk Jackson, RedShield security.ac.nz, 25 Aug 2019 Building a secure

Dont trust user input Kirk Jackson, RedShield security.ac.nz, 25 Aug 2019 Building a secure

Dont trust user input Kirk Jackson, RedShield security.ac.nz, 25 Aug 2019 Building a secure web app Vulnerability Scan Configuration Review Penetration Testing Production Proxy IDS DLP File integrity monitoring Attacks AV Web

459 views • 30 slides
eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name

eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name

eb Security Software Studio yslin@DataLAB 1 OWASP Top 10 Security Risks in 2017 Rank Name 1 Injection 2 Broken Authentication and Session Management 3 Cross-Site Scripting (XSS) 4 Broken Access Control 5 Security Misconfiguration

944 views • 77 slides
Recursion and Induction: Program Development; Variable Ordering Greg Plaxton Theory in

Recursion and Induction: Program Development; Variable Ordering Greg Plaxton Theory in

Recursion and Induction: Program Development; Variable Ordering Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin Program Development Today we will develop a Haskell program

402 views • 21 slides
Prrs t r t t y = v

Prrs t r t t y = v

Prrs t r t t y = v t . gt sr t rrr t

472 views • 13 slides

More recommend