Enterprise portals, gate to the gold


Presentation by Ian de Villiers at ZaCon 1 in 2009.

The presentation begins by naming a few enterprise portal (EP) vendors, followed by a brief overview of enterprise portals. Common shortcomings of EPs are discussed, which leads on to discussions about using custom applications to expose the full functionality of a portal.

Published in: Technology
  • 1. Enterprise Portals: Gate to the Gold

  • 2. `whoami`
      • SensePost
          – Specialist Security firm based in Pretoria
          – Customers all over the globe
          – Talks / Papers / Books
      •
          – Associate security analyst
          – I break stuff and write reports about breaking stuff
      • Why this talk?

  • 3. EP Vendors
      • IBM WebSphere Portal
      • SAP NetWeaver Portal
      • Oracle Portal Products (PlumTree, BEA, SUN, ∞)
      • OpenText Portal (Formerly Vignette)
      • JBoss Portal
      • Microsoft SharePoint Server
      • Apache Jetspeed, Interwoven TeamPortal, …, ∞

  • 4. EP Overview
      • Frequent on intranets.
      • Also frequent on the Internet… :)
      • Framework for integrating information, people and processes**
      • Consolidate and summarise diverse sources of information
      • Provide customisable home-page for registered users**

  • 5. EP Overview
      • Popular platform for deployment of applications due to framework and built-in functionality
      • Provide SDKs for customisation and deployment of custom applications
      • Support pluggable components called portlets
      • Generally J2EE-based, but there are some alternate platforms (e.g. .NET, PHP, ∞)

  • 6. Portlet Overview
      • Pluggable user interface components which are managed and displayed in a portal**
      • Fragments of markup code (e.g. HTML / XML etc.) which are aggregated in a portal page**
      • Adhere to various standards
          – WSRP (web services for remote portlets)
          – Java Portlet Specification
              • JSR168
              • JSR268
              • Proprietary **
      • [Diagram: request "GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa", response "HTTP 200 OK"]

  • 7. Functionality++
      • User Registration
      • Portals are generally designed to share information – provide functionality for searching documents, users, ..., ∞
      • Workflow components
      • Messaging / Social networking
      • Configuration and administrative components

  • 8. Common Shortcomings
      • Generally cater for multiple portal applications
          – May expose intranet applications to the Internet
      • Frequently allow registration for public users
          – Functionality++
      • Due to complex installation of J2EE application servers and lazy sys-admins, frequently run with elevated privileges

  • 9. Common Shortcomings
      • Diverse log-in capabilities
          – LDAP, XML, Database, ..., ∞, * == SSO
      • Developers of custom applications deployed on portal platforms frequently have not considered the underlying functionality of the platform
      • Custom error pages defined for platform
      • Complexity++

  • 10. Breaking Out
      • Custom applications frequently exploit functionality of portal framework but don’t allow users direct access to framework functions…
      • … or do they ?

  • 11. Breaking Out
      • Direct object access
      • Google is your friend… :>
      • Forcing errors to display generic portal error messages
      • Accessing site-registration
      • HTML source comments and JavaScript
      • Once we can break out of the custom application, we expose the full functionality of the portal…

  • 12. Finding Portals
      • Google Hacks (nods at Johnny Long…)
      • site:, insite:, inurl:, …, ∞
      • Demo…
          – site:za
          – inurl:/portal/site
          – inurl:/template.REGISTER

  • 13. Abusing Portlets
      • Original Advisory pertaining to IBM WebSphere
          – WebSphere – 2006/01/24 – EPAM Systems
      • Port Scanning
      • Accessing protected resources
      • Attacks at third parties
      • Blended Attack Scenarios
          – Denial Of Service
          – Brute-Force
          – Attacks against other protocols

  • 14. PortletSuite.tgz
      •
          – Scan for open ports by abusing portlets
      •
          – Scan for common virtual directory names and web server misconfigurations
      •
          – Provides proxy server functionality tunnelling HTTP requests through remote portlets

  • 15. PortletSuite.tgz
      •
      • Demo…
          – Breaking out
          – Portlet-scanning
          – Pikto
          – Accessing protected resources
          – PortletProx

  • 16. Questions ?
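
The request shape on slide 6 (`GET /moo?portlet=id&URI=...`) and the port scanning and protected-resource access listed on slide 13 leave a recognisable trace in a portal's access log. The following is an added example, not part of the presentation or of PortletSuite: it flags portlet fetches aimed at internal hosts and clients that walk many ports on one target. The log layout, the `PORT_FANOUT` threshold and the function names are assumptions; the `URI` parameter name is taken from slide 6.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (client IP, quoted request line); not data from the talk.
SAMPLE_LOG = """\
203.0.113.7 "GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa HTTP/1.1"
203.0.113.7 "GET /moo?portlet=id&URI=http%3A%2F%2F10.0.0.5%3A22%2F HTTP/1.1"
203.0.113.7 "GET /moo?portlet=id&URI=http%3A%2F%2F10.0.0.5%3A25%2F HTTP/1.1"
203.0.113.7 "GET /moo?portlet=id&URI=http%3A%2F%2F10.0.0.5%3A3306%2F HTTP/1.1"
198.51.100.9 "GET /moo?portlet=id&URI=http%3A%2F%2Fnews.example.com%2Ffeed HTTP/1.1"
198.51.100.9 "GET /index.html HTTP/1.1"
"""
PORT_FANOUT = 3  # assumed threshold: distinct ports on one target per client


def is_internal(host):
    """True for private/loopback/link-local IPs and single-label intranet names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return "." not in host  # e.g. "HR" only resolves inside the network


def analyse(log_text, param="URI"):
    """Return (internal_hits, scanners) for portlet fetches seen in log_text."""
    internal_hits, ports = [], defaultdict(set)
    for line in log_text.splitlines():
        try:
            client, request = line.split(" ", 1)
            path = request.strip('"').split(" ")[1]
        except (ValueError, IndexError):
            continue  # malformed or blank line
        for value in parse_qs(urlsplit(path).query).get(param, []):
            try:
                target = urlsplit(value)
                port = target.port or (443 if target.scheme == "https" else 80)
            except ValueError:
                continue  # unparsable target URL or out-of-range port
            host = target.hostname
            if not host:
                continue
            ports[(client, host)].add(port)
            if is_internal(host):
                internal_hits.append((client, host, port))
    scanners = {k: sorted(v) for k, v in ports.items() if len(v) >= PORT_FANOUT}
    return internal_hits, scanners
```

Public names that resolve to internal addresses are not caught by the string check alone; that case needs DNS resolution at the point where the portlet makes the fetch.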