NEW CONCEPTS
DEFEATING
WEB ATTACKS
(secure) SiteHoster
Family Named: AbhishekKr
Friends Call: ABK
g33k Handle: aBionic
Independent Security Enthusiast/Researcher
Also a Member of 'EvilFingers' (other than 'NULL')
http://sourceforge.net/projects/sitehoster
http://nullcon.net
aBionic@twitter,linkedin,FB
http://null.co.in
ATTACK THE ATTACKER
<TAGS/> R GooD
And if it’s Code…
!dea is to
BUG
+ Karthik calling Karthik…
+ User (tricked) Input…
Disarm <script/>
Take away all its POWER!!!!!
Generated HyperText
<html>
<head><script>function h(){alert("some dev-script in HEAD Tag");}</script></head>
<body>
<script DEFER>heavy_stuff=true;</script>
name: <div id="fromDB" onMouseOver="h();">
<script>alert('attacker injected it, could do anything');</script>
</div>
</body>
</html>
Server Patched View
<html>
<head>
<script> function h(){alert("this is dev-scripts in HEAD Tag");}</script>
</head>
<BD>
<BODY >
<script DEFER>heavy_stuff=true;</script>
<script type='text/javascript'>
// Body markup is assigned through innerHTML, so the injected script element is inserted but not run
x=document.getElementsByTagName("BODY");
x[0].innerHTML = "name:<div id=\"fromDB\" onclick=\"h();\"><script>alert(\'attacker injected it, could do anything\');<\/script><\/div>";
</script>
</BODY>
</BD>
</html>
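The escaping that the Server Patched View slide does by hand (\" and <\/script>), as an added example in JavaScript that is not SiteHoster's own code. The helper names toInlineJsString, innerHtmlLoader and countScriptEndTags are assumptions, and the sample fragment is constructed from the Generated HyperText slide.

```javascript
// Added example; function names are hypothetical, not SiteHoster's code.

// Encode an HTML fragment as a JS string literal that cannot terminate or
// confuse the inline <script> element that carries it.
function toInlineJsString(html) {
  return JSON.stringify(String(html))
    .replace(/</g, '\\u003c')       // hides "</script" and "<!--" from the HTML parser
    .replace(/\u2028/g, '\\u2028')  // raw line separators break string literals in pre-ES2019 engines
    .replace(/\u2029/g, '\\u2029');
}

// Build the loader element from the "Server Patched View" slide for one fragment.
function innerHtmlLoader(fragment) {
  return '<script type="text/javascript">' +
    'document.getElementsByTagName("BODY")[0].innerHTML = ' +
    toInlineJsString(fragment) + ';' +
    '</script>';
}

// Defender-side check: count the script end tags an HTML tokenizer would see
// in the emitted markup. Exactly one (the loader's own) is expected.
function countScriptEndTags(markup) {
  return (markup.match(/<\/script/gi) || []).length;
}

// Constructed sample: the body fragment from the "Generated HyperText" slide.
const sampleFragment =
  'name: <div id="fromDB" onMouseOver="h();">\n' +
  "<script>alert('attacker injected it, could do anything');</script>\n" +
  '</div>';

const sampleLoader = innerHtmlLoader(sampleFragment);
console.log(sampleLoader);
console.log('script end tags seen by parser:', countScriptEndTags(sampleLoader));
```

The event-handler attribute in the fragment passes through unchanged; the encoding only covers the script element case.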
But… still
…other two monkeys got a chance
So 'javascript:<bugMe/>'
Ninja Parse User Input
Bug-it-su pwn JS-Events
hardcore ‘js-events’ pwnage
Innocence Is Saved
Normal User Input Matching Attack ain't Filtered
CURRENTLY JUST DEV PERSPECTIVE
For Un-Privileged AXNs
Old Wine, Why Not Always Used
[Diagram: User-Web-App Mapper in front of the DB. Labels: "all boss", "Read,write.*", "Read on Table T1", "Read,Write on Table t2"]
I OpenSource
GitHub: https://github.com/abhishekkr
SourceForge: http://sourceforge.net/users/abhishekkr
I Socialize: http://www.facebook.com/aBionic
I Techalize: http://in.linkedin.com/in/abionic
I Deviantize: http://abhishekkr.deviantart.com/