Autopsy of Vulnerabilities, by Ezequiel “Zequi” Vázquez (PowerPoint PPT presentation)


  1. Autopsy of Vulnerabilities. Ezequiel “Zequi” Vázquez

  2. Who Am I? Backend developer. DevOps. Security & hacking. From Jerez (southern Spain). @RabbitLair

  3. We will “dissect” the following: SA-CORE-2014-005 – SQL injection as anonymous user; SA-CORE-2018-002 – Remote code execution as anonymous user.

  4. Why this session?

  5. Why this session?

  6. Three-step analysis: description of the technology components involved in the vulnerability; description of how the vulnerability works; live demo exploiting the vulnerability.

  7. SA-CORE-2014-005 / CVE-2014-3704. SQL injection as anonymous user. Drupal 7.31 and below. 25/25 score on the NIST index. Patched on October 15th, 2014.

  8. Arrays on HTTP POST method

  9. Database queries sanitization. File: includes/database/database.inc. Method: expandArguments. Applies to SQL queries with a condition like “column IN (a, b, c)”. The query skeleton is built with placeholders, which are replaced after the values are sanitized.

  10. Database queries sanitization: an example. User edit form as administrator. We can select which roles the user has. -- becomes -->

  11. Database queries sanitization: an example. The expandArguments method replaces the implicit indexes with explicit ones built from the array name. -- becomes -->

  12. Database queries sanitization: an example. The query structure is built using the explicit array keys as placeholders. Finally, the placeholders are replaced by the sanitized values, and the query is executed.

  13. The vulnerability: the original array keys are used to build placeholder names without being sanitized.

  14. The vulnerability: the original array keys are used to build placeholder names without being sanitized.
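The placeholder expansion described in slides 9 to 14, as an added example that is not the deck's or Drupal's own code: a simplified model of the expandArguments mechanism, with the client-chosen keys flowing into the SQL skeleton beside the re-indexed form that keeps them out. The query, table name and role values are constructed; the function name and the `$reindex` switch are assumptions for illustration.

```php
<?php
// Added example, not Drupal's code. Models how an "IN (:roles)" placeholder
// is expanded into one placeholder per array element. Drupal's real method is
// expandArguments() in includes/database/database.inc; only the mechanism the
// slides describe is mirrored here.
function expandArguments(string $query, array $args, bool $reindex): array
{
    foreach (array_filter($args, 'is_array') as $key => $data) {
        // Vulnerable ($reindex = false): $i is whatever key the client put in
        // the POST body, so client text becomes part of the placeholder name
        // and therefore part of the SQL string, outside any parameter binding.
        // Hardened ($reindex = true, the shape of the fix in Drupal 7.32):
        // array_values() discards the client keys, so $i is 0, 1, 2, ... chosen
        // by the code and the SQL skeleton never contains client-supplied text.
        $items = $reindex ? array_values($data) : $data;
        $newKeys = [];
        foreach ($items as $i => $value) {
            $newKeys[$key . '_' . $i] = $value;
        }
        // Replace the single placeholder with the comma-separated list of new ones.
        $pattern = '#' . preg_quote($key, '#') . '\b#';
        $query   = preg_replace($pattern, implode(', ', array_keys($newKeys)), $query);
        unset($args[$key]);
        $args += $newKeys;   // values still travel as bound parameters
    }
    return [$query, $args];
}

// Constructed input: a role list as it arrives from a POST body in which the
// client chose the array keys (a harmless string key "editor" is enough to
// show the point; the key text, not the value, is what reaches the SQL).
$query = 'SELECT uid FROM users_roles WHERE rid IN (:roles)';
$args  = [':roles' => ['editor' => 3, 'other' => 4]];

[$vulnQuery, $vulnArgs] = expandArguments($query, $args, false);
echo "vulnerable: $vulnQuery", PHP_EOL;   // client key text appears in the SQL
[$safeQuery, $safeArgs] = expandArguments($query, $args, true);
echo "hardened:   $safeQuery", PHP_EOL;   // only code-chosen numeric suffixes
```

Any review of IN-list expansion helpers should check the same property: nothing derived from request data may reach the query text, only the bound values.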

  15. Let's see it!

  16. SA-CORE-2018-002 / CVE-2018-7600. Remote code execution as anonymous user. Drupal 5.x, 6.x, 7.57 and below, 8.5.0 and below. 24/25 score on the NIST index. Patched on March 28th, 2018.

  17. Render arrays: arrays whose keys start with the # character. Mechanism to render everything. Recursive behavior. Callbacks: pre_render, post_render, ...

  18. Form processing with the AJAX API. Form submitted via XHR request. Submitted values are stored on the #value attribute of each field. The element_parents parameter determines the section of the form to be re-rendered.

  19. The vulnerability: a form field containing a render array with a callback can be re-rendered using the AJAX API.
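The defensive counterpart to slides 17 to 19, as an added example that is not the deck's or Drupal's own code: a recursive request sanitizer in the spirit of the fix shipped for SA-CORE-2018-002, which drops any #-prefixed key from incoming request data before the form and render system sees it. The function name, the constructed POST body and the callback name inside it are assumptions for illustration.

```php
<?php
// Added example, not Drupal's code. Render-array properties are the keys that
// start with "#" (slide 17), so request data must never be allowed to carry
// such keys into a form element: strip them recursively at the request
// boundary and keep a record of what was removed for logging.
function stripRenderKeys(array $input, array &$removed = [], string $path = ''): array
{
    $clean = [];
    foreach ($input as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '/' . $key;
        if (is_string($key) && $key !== '' && $key[0] === '#') {
            $removed[] = $here;   // a real browser form never submits "#" keys
            continue;
        }
        // Nested arrays are walked too, since render arrays are recursive.
        $clean[$key] = is_array($value) ? stripRenderKeys($value, $removed, $here) : $value;
    }
    return $clean;
}

// Constructed POST body: ordinary form values plus a nested key shaped like a
// render-array callback property (callback name is a constructed placeholder).
$post = [
    'form_id' => 'user_register_form',
    'mail'    => [
        'value'        => 'someone@example.com',
        '#post_render' => ['constructed_callback_name'],
    ],
];

$removed = [];
$safe = stripRenderKeys($post, $removed);
foreach ($removed as $keyPath) {
    // Every stripped key path is worth an alert: it is not normal form input.
    error_log('Dropped render-array key from request: ' . $keyPath);
}
// $safe now contains only the ordinary values and can be handed to form processing.
```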

  20. Let's see it!

  21. Final thoughts. Keep your sites updated. No exceptions. Thank you, security team! To prevent vulnerabilities in your code, you need to learn about them.

  22. Final thoughts

  23. Join us for contribution opportunities. Friday, April 12, 2019. Mentored Contribution: 9:00-18:00, Room 602. First Time Contributor Workshop: 9:00-12:00, Room 606. General Contribution: 9:00-18:00, Room 6A. #DrupalContributions

  24. What did you think? Locate this session at the DrupalCon Seattle website: http://seattle2019.drupal.org/schedule Take the survey! https://www.surveymonkey.com/r/DrupalConSeattle

  25. Questions? Autopsy of Vulnerabilities, by Zequi Vázquez

  26. Thank you! Autopsy of Vulnerabilities, by Zequi Vázquez
