
Hacking Web Applications (Web Uygulamalarının Hacklenmesi)


Zero-day Conf, İstanbul Kültür Üniversitesi 2016


  1. whoami: Security Researcher @ Netsparker Ltd.; Developer @ Another Times; Writer @ Ethical Hacking “Offensive & Defensive” Book; Blog: omercitak.com; All Social Platforms: @Om3rCitak
  2. ping pong?
  3. ping pong?
  4. cross site scripting • Reflected XSS • DOM Based XSS • Stored XSS
  5. reflected cross site scripting
  6. reflected cross site scripting
  7. dom-based cross site scripting
  8. stored cross site scripting
  9. stored cross site scripting
  10. stored cross site scripting
  11. sql injection • Union Based SQL Injection • Blind SQL Injection • Time Based SQL Injection
  12. union based sql injection
  13. login bypass
  14. blind sql injection • What if error messages are hidden? (error_reporting(0)) • What if the mysql_* function calls are prefixed with «@»?
  15. blind sql injection
  16. blind sql injection
  17. blind sql injection
  18. time-based sql injection • What if the query running in the background produces no output? – Count Query – Update Query – Insert Query – Delete Query – Relationship Query
  19. time-based sql injection
  20. time-based sql injection: MySQL Server, Microsoft SQL Server, Oracle Server
  21. sql injection poc: Amnesty International (amnesty.org.tr)
  22. sql injection poc
  23. where is the security?
  24. questions
  25. thanks: www.omercitak.com; All Social Platforms: @Om3rCitak
