Devfest istanbul'14  - Web Application Attacks and Trusting Frameworks
Frameworks are undeniably one of the most important elements of web application development. As we continue to witness a significant increase in the number of framework-based attacks on web applications every day, using frameworks without considering their security-related aspects remains the most serious problem developers face. During the presentation, Mr. İnce analyzes one of the most commonly used PHP web frameworks, highlighting important security considerations, followed by a real-time exploitation of a discovered vulnerability in a lab environment.

  1. Devfest Istanbul - Web Application Attacks and Trusting Frameworks
  2. whoami
     ● Mehmet INCE
     ● Cyber Security Engineer / Pentest Lead at INTELRAD
     ● 150+ vulnerability publications
     ● Application Security
     ● Infosec blogger, www.mehmetince.net
     ● PHP, Python, etc.
     ● @mdisec
  3. Premise: security is a serious business.
  4. The claim in web application security
     ● We use a framework. (ORM, prepared statements)
     ● We do input validation.
     ● Output encoding is our job.
     ● We regularly buy penetration testing services from different firms.
     ● We have WAF and IPS/IDS devices.
     ● Our software is open source. The power of the community is with us.
     ● We have our developers take secure coding training.
     ● We have a bug bounty program; we pay everyone who finds a vulnerability.
  5. Anyone here working at a company that does all of these?
  6. Because
     ● Drupal core - SQL injection (stacked queries enabled!) - http://goo.gl/RPgX1z
     ● WordPress 4.0.1 Stored XSS - http://goo.gl/xuvXfB
     ● Codeigniter Object Injection - http://goo.gl/72lzGV
  7. Because...
     ● Symfony CSRF (CVE-2014-6072)
     ● Laravel cookie forgery, decryption, and RCE - http://goo.gl/qieZzZ
     ● RoR SQLi & crypto weakness
  8. Because... "We use a framework." is one of the must-haves, but it is never sufficient, because the framework itself is a piece of software. It can have security vulnerabilities. (RoR, CI, Laravel, Symfony, ASP.NET)
  9. Because... Open source matters for security. But all of the examples were open-source projects with ~1,000 committers. http://goo.gl/fDHGFZ (Welcome aboard, ASP.NET :p)
  10. Because... No WAF or IPS/IDS can detect the Codeigniter Object Injection vulnerability. Why? (Exploit the OR)
  11. So... security is a serious business.
  12. Codeigniter Object Injection Vuln
  13. Codeigniter Session Mechanism: Session class initializer method.
  14. Codeigniter Session Mechanism
  15. Codeigniter Session Mechanism
  16. Codeigniter Encryption Class
  17. Codeigniter Custom XOR
  18. Where we are: User Request -> Session Class initializer -> sess_create() -> is encrypt cookie enabled?
     ● True: encode with Mcrypt, then _set_cookie()
     ● False: encode with XOR
  19. How to read Session Data
  20. How to exploit
     ● If the encryption key is known: cookie object manipulation
     ● If the encryption key is unknown:
       - If Mcrypt is enabled: CBC mode exploit
       - If custom XOR is used: md5 hash brute force
  21. Codeigniter Based Applications
     ● Bonfire: vulnerable
     ● No-CMS: vulnerable
     ● PyroCMS: vulnerable
     ● FUEL CMS: vulnerable
     ● ...
  22. DEMO
  23. Thanks - twitter.com/mdisec - www.mehmetince.net - mehmet@mehmetince.net
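Slides 18 and 20 describe the root of the problem: the session state lives in a client-side cookie, is serialized, and is protected only by an encoding (Mcrypt or a custom XOR) that an attacker can work around once the key is known, bit-flipped, or brute-forced. The following PHP is an added example written for this page, not CodeIgniter's own session code and not the code shown in the talk. It shows the defensive pattern that closes both exploit branches on slide 20: the cookie carries JSON rather than a serialized PHP object (so a forged cookie can never instantiate an object), and it is authenticated with an HMAC under a secret key that is verified in constant time before the payload is touched. The cookie name, the key material and the session contents are constructed for the demonstration.

```php
<?php
// Added example, not part of the presentation and not CodeIgniter's code.
// Assumptions: $secret is a server-side key that never reaches the client and
// is not derived from anything guessable; the session payload is a plain array.
declare(strict_types=1);

const SESSION_COOKIE = 'app_session'; // hypothetical cookie name

// Cookie value layout: base64(json) . '.' . hex(HMAC-SHA256(secret, base64(json))).
// JSON is used instead of serialize(): json_decode() with assoc=true can only
// ever yield arrays and scalars, so there is no object-injection path.
function session_cookie_encode(array $data, string $secret): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    $tag = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $tag;
}

// Returns the session array, or null when the cookie is missing, malformed,
// or was not produced under the server's key (i.e. tampered or forged).
function session_cookie_decode(?string $cookie, string $secret): ?array
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$payload, $tag] = explode('.', $cookie, 2);

    // Verify the tag BEFORE decoding anything, with a constant-time comparison,
    // so an attacker cannot feed the decoder attacker-controlled bytes at all.
    $expected = hash_hmac('sha256', $payload, $secret);
    if (!hash_equals($expected, $tag)) {
        return null;
    }

    $json = base64_decode($payload, true); // strict: reject stray characters
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);      // associative arrays only, never objects
    return is_array($data) ? $data : null;
}

// --- constructed demonstration (run from the CLI) ---
$secret = 'constructed-demo-key-do-not-reuse'; // constructed; load from config in real code

// 1. Legitimate round trip.
$cookie = session_cookie_encode(['user_id' => 42, 'role' => 'user'], $secret);
$session = session_cookie_decode($cookie, $secret);
echo "legitimate cookie decodes to role: ", $session['role'], PHP_EOL;

// 2. A client that rewrites the payload without the key is rejected: the
//    forged cookie below was signed with a key the attacker chose, so the
//    HMAC check fails and no decoding ever happens.
$forged = session_cookie_encode(['user_id' => 42, 'role' => 'admin'], 'attacker-guess');
echo "forged cookie decodes to: ", var_export(session_cookie_decode($forged, $secret), true), PHP_EOL;

// 3. A serialized PHP object smuggled into the payload is also rejected
//    twice over: the tag will not match, and even if it did, json_decode()
//    would not turn a serialize() string into an object.
$smuggled = base64_encode('O:8:"stdClass":0:{}') . '.' . str_repeat('0', 64);
echo "smuggled object decodes to: ", var_export(session_cookie_decode($smuggled, $secret), true), PHP_EOL;

// Setting the cookie: setcookie() URL-encodes the value, so '+', '/' and '='
// from base64 survive the round trip. HttpOnly and Secure limit exposure
// of the cookie to scripts and to plaintext transport.
// setcookie(SESSION_COOKIE, $cookie, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```

The design choice worth noting against the talk's decision tree: encrypting the cookie (the Mcrypt branch) gives confidentiality but not integrity, and an unkeyed or weakly keyed hash (the custom XOR / md5 branch) gives neither once the key is guessed. An HMAC with a high-entropy key rejects any payload the server did not itself produce, and avoiding unserialize() on client data removes the object-injection sink even if the integrity check were somehow bypassed. Where the session must hold more than a few fields, keep the data server-side and put only an opaque random identifier in the cookie.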