autopsy of vulnerabilities
play

Autopsy of Vulnerabilities E z e q u i e l Z e q u i - PowerPoint PPT Presentation

Jun 02, 2023 •213 likes •509 views

Autopsy of Vulnerabilities E z e q u i e l Z e q u i V z q u e z Who Am I? B a c k e n d d e v e l o p e r D e v O p s S e c u r i t y & H a c k i n g F r o m J e r

  2. Autopsy of Vulnerabilities E z e q u i e l “ Z e q u i ” V á z q u e z

  3. Who Am I? B a c k e n d d e v e l o p e r D e v O p s S e c u r i t y & H a c k i n g F r o m J e r e z ( s o u t h e r n S p a i n ) @RabbitLair

  5. We will “dissect” the following S A - C O R E - 2 0 1 4 - 0 0 5 – S Q L i n j e c t i o n a s a n o n y mo u s u s e r S A - C O R E - 2 0 1 8 - 0 0 2 – R e mo t e c o d e e x e c u t i o n a s a n o n y mo u s u s e r

  6. Why this session?

  7. Why this session?

  8. Three steps analysis D e s c r i p t i o n o f t e c h n o l o g y c o mp o n e n t s i mp l i e d o n t h e v u l n e r a b i l i t y D e s c r i p t i o n o f h o w t h e v u l n e r a b i l i t y w o r k s V u l n e r a b i l i t y e x p l o i t i n g l i v e d e mo

  9. SA-CORE-2014-005 / CVE-2014-3704 S Q L I n j e c t i o n a s a n o n y mo u s u s e r D r u p a l 7 . 3 1 a n d b e l o w 2 5 / 2 5 s c o r e o n N I S T i n d e x P a t c h e d o n O c t o b e r 1 5 t h , 2 0 1 4

  10. Arrays on HTTP POST method

  11. Database queries sanitization includes/database/database.inc F i l e expandArguments Me t h o d “column IN (a, b, c) ” S Q L q u e r i e s wi t h c o n d i t i o n l i k e Q u e r y s k e l e t o n i s b u i l d wi t h p l a c e h o l d e r s , wh i c h a r e r e p l a c e d a f t e r t h e y a r e s a n i t i z e d

  12. Database queries sanitization: an example U s e r e d i t f o r m a s a d mi n i s t r a t o r . We c a n s e l e c t wh i c h r o l e s t h e u s e r h a s . - - b e c o me s - - >

  13. Database queries sanitization: an example expandArguments Me t h o d c h a n g e s t h e i mp l i c i t i n d e x e s b y e x p l i c i t o n e s u s i n g a r r a y n a me - - b e c o me s - - >

  14. Database queries sanitization: an example T h e q u e r y s t r u c t u r e i s b u i l t u s i n g t h e e x p l i c i t a r r a y k e y s a s p l a c e h o l d e r s F i n a l l y , t h e p l a c e h o l d e r s a r e r e p l a c e d b y t h e s a n i t i z e d v a l u e s , a n d t h e q u e r y i s e x e c u t e d

  15. The vulnerability O r i g i n a l a r r a y k e y s a r e u s e d t o b u i l d p l a c e h o l d e r n a me s wi t h o u t b e i n g s a n i t i z e d .

  16. The vulnerability O r i g i n a l a r r a y k e y s a r e u s e d t o b u i l d p l a c e h o l d e r n a me s wi t h o u t b e i n g s a n i t i z e d .

  17. Let's see it!

  18. SA-CORE-2018-002 / CVE-2018-7600 R e mo t e c o d e e x e c u t i o n a s a n o n y mo u s u s e r D r u p a l 5 . x , 6 . x , 7 . 5 7 a n d b e l o w, 8 . 5 . 0 a n d b e l o w 2 4 / 2 5 s c o r e o n N I S T i n d e x P a t c h e d o n Ma r c h 2 8 t h , 2 0 1 8

  19. Render arrays # A r r a y s wh o s e k e y s s t a r t wi t h c h a r a c t e r Me c h a n i s m t o r e n d e r e v e r y t h i n g R e c u r s i v e b e h a v i o r post_render , pre_render , C a l l b a c k s : . . .

  20. Form processing with AJAX API F o r m s u b mi t t e d v i a X H R r e q u e s t #value S u b mi t t e d v a l u e s a r e s t o r e d o n a t t r i b u t e f o r e a c h fi e l d element_parents P a r a me t e r d e t e r mi n e s e c t i o n o f f o r m t o b e r e - r e n d e r e d

  21. The vulnerability A f o r m fi e l d c o n t a i n i n g a r e n d e r a r r a y wi t h a c a l l b a c k c a n b e r e - r e n d e r e d u s i n g A J A X A P I .

  22. Let's see it!

  23. Final thoughts K e e p y o u r s i t e s u p d a t e d . N o e x c e p t i o n s . T h a n k y o u , s e c u r i t y t e a m! T o p r e v e n t v u l n e r a b i l i t i e s o n y o u r c o d e , y o u n e e d t o l e a r n a b o u t t h e m.

  24. Final thoughts

  25. Join us for contribution opportunities F r i d a y , A p r i l 1 2 , 2 0 1 9 Mentored First Time General Contribution Contributor Contribution Workshop 9 : 0 0 - 1 8 : 0 0 9 : 0 0 - 1 2 : 0 0 9 : 0 0 - 1 8 : 0 0 R o o m: 6 0 2 R o o m: 6 0 6 R o o m: 6 A #DrupalContributions

  26. What did you think? L o c a t e t h i s s e s s i o n a t t h e D r u p a l C o n S e a t t l e w e b s i t e : http://seattle2019.drupal.org/schedule T a k e t h e S u r v e y ! https://www.surveymonkey.com/r/DrupalConSeattle

  27. Questions? A u t o p s y o f V u l n e r a b i l i t i e s , b y Z e q u i V á z q u e z

  28. Thank you! A u t o p s y o f V u l n e r a b i l i t i e s , b y Z e q u i V á z q u e z

Recommend

The S cholarly Article Autopsy Information S ources from the Inside Out Krista Bowers S harpe

The S cholarly Article Autopsy Information S ources from the Inside Out Krista Bowers S harpe

The S cholarly Article Autopsy Information S ources from the Inside Out Krista Bowers S harpe Western Illinois University Libraries 1 Presentation Overview: Background S cholarly article autopsy activity Audience Learning

489 views • 25 slides
Autopsy of a Small UST Site in Bedrock: Autopsy of a Small UST Site in Bedrock: Implications for

Autopsy of a Small UST Site in Bedrock: Autopsy of a Small UST Site in Bedrock: Implications for

Autopsy of a Small UST Site in Bedrock: Autopsy of a Small UST Site in Bedrock: Implications for Remedial Effectiveness Implications for Remedial Effectiveness Case Study, Devens, MA Case Study, Devens, MA William C. Brandon, Hydrogeologist,

1k views • 67 slides
CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and

CSN08101 Digital Forensics Lecture 5: Data management and Autopsy Lecture 5: Data management and Autopsy Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Data Management for Forensics You will learn in this lecture: Command

663 views • 24 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
New Deal Financial Acts and the Business of Foreign Debt Underwriting: Autopsy of a Regime

New Deal Financial Acts and the Business of Foreign Debt Underwriting: Autopsy of a Regime

New Deal Financial Acts and the Business of Foreign Debt Underwriting: Autopsy of a Regime Change Marc Flandreau, 4th PPP Panel, The Sub-prime Crisis and How it Changed the Past Graduate Institute of International Studies and Development,

229 views • 19 slides
Autopsy of a PO Claim Exploring the Blood, Guts & Consequences of the Typical (or not)

Autopsy of a PO Claim Exploring the Blood, Guts & Consequences of the Typical (or not)

Autopsy of a PO Claim Exploring the Blood, Guts & Consequences of the Typical (or not) Public Officials Lawsuit Presented by: Larry Simmons Deborah Bonner Stan Lewiecki Germer PLLC Claims Attorney TAC Claims Attorney TAC 713 830

368 views • 19 slides
INFECTION PRECAUTIONS Draft Guidelines on autopsy practice: : Precautions for hig igh-risk in

INFECTION PRECAUTIONS Draft Guidelines on autopsy practice: : Precautions for hig igh-risk in

INFECTION PRECAUTIONS Draft Guidelines on autopsy practice: : Precautions for hig igh-risk in infectious autopsies Sebastian Lucas Ruby Stewart St Thomas Hospital London SE1 HIV + TB [Ruby & Ula Yellow Mahadeva] fever post-

609 views • 21 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
State of the Molecular Autopsy Michael J. Ackerman, MD, PhD Windland Smith Rice Cardiovascular

State of the Molecular Autopsy Michael J. Ackerman, MD, PhD Windland Smith Rice Cardiovascular

State of the Molecular Autopsy Michael J. Ackerman, MD, PhD Windland Smith Rice Cardiovascular Genomics Research Professor Professor of Medicine, Pediatrics, and Pharmacology Director, Long QT Syndrome/Genetic Heart Rhythm Clinic and the Mayo

454 views • 34 slides
Health Effects of Urban Air Pollution: An autopsy based approach Paulo Saldiva Faculty of

Health Effects of Urban Air Pollution: An autopsy based approach Paulo Saldiva Faculty of

Health Effects of Urban Air Pollution: An autopsy based approach Paulo Saldiva Faculty of Medicine University of So Paulo Background Fajersztajn et al. Nature Reviews Cancer. 2013; 13(9):674-8 Spatial distribution of nitrogen dioxide in

789 views • 9 slides
Autopsy of a multiserver deadlock in the HelenOS filesystem layer Jakub Jerm Introduction

Autopsy of a multiserver deadlock in the HelenOS filesystem layer Jakub Jerm Introduction

Autopsy of a multiserver deadlock in the HelenOS filesystem layer Jakub Jerm Introduction Microkernel + Multiserver = lots of message passing among lots of processes = breeding ground for distributed deadlocks Microkernels devroom,

445 views • 43 slides
Autopsy Report Seabirds killed and returned from the 20 0 8 -0 9 fishing year David Thom

Autopsy Report Seabirds killed and returned from the 20 0 8 -0 9 fishing year David Thom

Autopsy Report Seabirds killed and returned from the 20 0 8 -0 9 fishing year David Thom pson Contract INT20 0 7/ 0 2 Sum m ary 38 5 specim ens returned, 28 taxa 1 blue penguin gaffed 75 trips, 62 vessels 60 % of specim

373 views • 12 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
Autopsy of an automation disaster Jean-Franois Gagn - Saturday, February 4, 2017 FOSDEM MySQL

Autopsy of an automation disaster Jean-Franois Gagn - Saturday, February 4, 2017 FOSDEM MySQL

Autopsy of an automation disaster Jean-Franois Gagn - Saturday, February 4, 2017 FOSDEM MySQL & Friends Devroom To err is human To really foul things up requires a computer [1] (or a script) [1]:

478 views • 30 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
Autopsy of an automation disaster Simon J Mudd (Senior Database Engineer) Percona Live, 25 th

Autopsy of an automation disaster Simon J Mudd (Senior Database Engineer) Percona Live, 25 th

Autopsy of an automation disaster Simon J Mudd (Senior Database Engineer) Percona Live, 25 th April 2017 To err is human To really foul things up requires a computer [1] (or a script) [1]: http://quoteinvestigator.com/2010/12/07/foul-computer/

571 views • 39 slides
ALIEN AUTOPSY Summer Reading 2019 Target Audience: 4 th 6 th grade students Supplies:

ALIEN AUTOPSY Summer Reading 2019 Target Audience: 4 th 6 th grade students Supplies:

ALIEN AUTOPSY Summer Reading 2019 Target Audience: 4 th 6 th grade students Supplies: Gelatin mold Gelatin preferably orange or lime flavored Alien organs Cooked spaghetti, googly eyes, small toys, small candies,

421 views • 7 slides
Pre-mortems Keeping your project off the autopsy slab Christopher Cowell SDET, HealthSparq 1.

Pre-mortems Keeping your project off the autopsy slab Christopher Cowell SDET, HealthSparq 1.

Pre-mortems Keeping your project off the autopsy slab Christopher Cowell SDET, HealthSparq 1. Pretend that your project has failed. 2. Ask why it failed. 3. Do something now to prevent that failure. 2 1. Why am I here? 2. Define terms 3.

828 views • 60 slides
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE vulnerabilities

907 views • 62 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus <Stephan.Neuhaus@disi.unitn.it> Thomas Zimmermann <tzimmer@microsoft.com> Vulnerabilities are important because fixing them costs a lot of money (2005

1.9k views • 73 slides
Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid A new class

787 views • 54 slides

More recommend