SlideShare a Scribd company logo

Final race-condition-in-the-web

Xchym Hiệp
Xchym Hiệp
Technology
1 of 27
Download to read offline
Race Condition Attacks in Web Applications gamma95[at]gmail[dot].com
Breaking news
About me
About me $g4mm4 === $gamma95 ● Penetration tester ● Bugs hunter ● Full time Internet Troll
About the talk ● What is race condition? ● Race conditions in the web applications ● Prevention ● Demo ● References ● Q&A
What is race condition? ● A race condition or race hazard is a type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events ● Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
in Electronics ● ∆t1 and ∆t2 represent the propagation delays of the logic elements. ● When the input value (A) changes, the circuit outputs a short spike of duration (∆t1+∆t2) - ∆t2 = ∆t1
In Computer Software (file system, networking ...)
in Web Applications: Hit Counter
in Web Applications: Hit Counter
Tell me why?
Tell me why?
in Web Applications: Online Banking
in Web Applications: Online Banking
D3m0
Prevention
Semaphore
System V Semaphore PHP is compiled with --enable-sysvsem
LFI with phpinfo() ● What is LFI? Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected
LFI with phpinfo() ● Why PHPInfo()? The output of the PHPInfo() script contains the values of the PHP Variables, including any values set via _GET, _POST or uploaded _FILES.
How to win the race ?
D3m0
References ● Practical Race Condition Vulnerabilities in Web Applications https://defuse.ca/race-conditions-in-web-applications.htm ● "LFI with phpinfo() assistance" http://www.insomniasec.com/publications/LFI With PHPInfo Assistance.pdf ● Nghệ thuật tận dụng lỗi phần mềm http://bluemoon.com.vn/books/8935048992197.html
Questions?
That's all folks!

Recommended

04 ос взаимодействие_процессов_1
04 ос взаимодействие_процессов_104 ос взаимодействие_процессов_1
04 ос взаимодействие_процессов_1921519
 
NoSQL атакует: JSON функции в MySQL сервере.
NoSQL атакует: JSON функции в MySQL сервере.NoSQL атакует: JSON функции в MySQL сервере.
NoSQL атакует: JSON функции в MySQL сервере.Sveta Smirnova
 
IT Race 2014
IT Race 2014IT Race 2014
IT Race 2014IT-Доминанта
 
анализ кода: от проверки стиля до автоматического тестирования
анализ кода: от проверки стиля до автоматического тестированияанализ кода: от проверки стиля до автоматического тестирования
анализ кода: от проверки стиля до автоматического тестированияRuslan Shevchenko
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditionsdefconmoscow
 
Race condition
Race conditionRace condition
Race conditionМихаил Фирстов
 
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...Iosif Itkin
 
Linux IPC
Linux IPCLinux IPC
Linux IPCAndrey Smirnov
 

Recommended

04 ос взаимодействие_процессов_1
04 ос взаимодействие_процессов_104 ос взаимодействие_процессов_1
04 ос взаимодействие_процессов_1921519
 
NoSQL атакует: JSON функции в MySQL сервере.
NoSQL атакует: JSON функции в MySQL сервере.NoSQL атакует: JSON функции в MySQL сервере.
NoSQL атакует: JSON функции в MySQL сервере.Sveta Smirnova
 
IT Race 2014
IT Race 2014IT Race 2014
IT Race 2014IT-Доминанта
 
анализ кода: от проверки стиля до автоматического тестирования
анализ кода: от проверки стиля до автоматического тестированияанализ кода: от проверки стиля до автоматического тестирования
анализ кода: от проверки стиля до автоматического тестированияRuslan Shevchenko
 
4.3. Rat races conditions
4.3. Rat races conditions4.3. Rat races conditions
4.3. Rat races conditionsdefconmoscow
 
Race condition
Race conditionRace condition
Race conditionМихаил Фирстов
 
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...
TMPA-2015: The Application of Static Analysis to Optimize the Dynamic Detecti...Iosif Itkin
 
Linux IPC
Linux IPCLinux IPC
Linux IPCAndrey Smirnov
 
CanSecWest (1)
CanSecWest (1)CanSecWest (1)
CanSecWest (1)Abhishek Singh
 
Near real-time anomaly detection at Lyft
Near real-time anomaly detection at LyftNear real-time anomaly detection at Lyft
Near real-time anomaly detection at Lyftmarkgrover
 
D3 Troubleshooting
D3 TroubleshootingD3 Troubleshooting
D3 TroubleshootingRocket Software
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
104 Common network devices
104 Common network devices104 Common network devices
104 Common network devicesSsendiSamuel
 
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!NETWAYS
 
Marton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream ProcessingMarton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream ProcessingFlink Forward
 
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)KafkaZone
 
Crushing Latency with Vert.x
Crushing Latency with Vert.xCrushing Latency with Vert.x
Crushing Latency with Vert.xPaulo Lopes
 
Computer Archeticture
Computer ArchetictureComputer Archeticture
Computer Archeticturemahmoud
 
Java Profiling
Java ProfilingJava Profiling
Java Profilingzeroproductionincidents
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...Anne Nicolas
 
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkA trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkMocke Tech
 
A Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M NetworkA Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M NetworkKiyotaka Atsumi
 
Alessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocolAlessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocollinuxlab_conf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 

More Related Content

Similar to Final race-condition-in-the-web

Near real-time anomaly detection at Lyft
Near real-time anomaly detection at LyftNear real-time anomaly detection at Lyft
Near real-time anomaly detection at Lyftmarkgrover
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
104 Common network devices
104 Common network devices104 Common network devices
104 Common network devicesSsendiSamuel
 
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!NETWAYS
 
Marton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream ProcessingMarton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream ProcessingFlink Forward
 
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)KafkaZone
 
Crushing Latency with Vert.x
Crushing Latency with Vert.xCrushing Latency with Vert.x
Crushing Latency with Vert.xPaulo Lopes
 
Computer Archeticture
Computer ArchetictureComputer Archeticture
Computer Archeticturemahmoud
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...Anne Nicolas
 
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkA trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkMocke Tech
 
A Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M NetworkA Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M NetworkKiyotaka Atsumi
 
Alessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocolAlessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocollinuxlab_conf
 

Similar to Final race-condition-in-the-web (20)

CanSecWest (1)
CanSecWest (1)CanSecWest (1)
CanSecWest (1)
 
Near real-time anomaly detection at Lyft
Near real-time anomaly detection at LyftNear real-time anomaly detection at Lyft
Near real-time anomaly detection at Lyft
 
D3 Troubleshooting
D3 TroubleshootingD3 Troubleshooting
D3 Troubleshooting
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
104 Common network devices
104 Common network devices104 Common network devices
104 Common network devices
 
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
OSMC 2021 | Robotmk: You don’t run IT – you deliver services!
 
Marton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream ProcessingMarton Balassi – Stateful Stream Processing
Marton Balassi – Stateful Stream Processing
 
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
Abstractions for managed stream processing platform (Arya Ketan - Flipkart)
 
Crushing Latency with Vert.x
Crushing Latency with Vert.xCrushing Latency with Vert.x
Crushing Latency with Vert.x
 
Computer Archeticture
Computer ArchetictureComputer Archeticture
Computer Archeticture
 
Java Profiling
Java ProfilingJava Profiling
Java Profiling
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
 
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
Kernel Recipes 2018 - Mitigating Spectre and Meltdown (and L1TF) - David Wood...
 
A trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M networkA trial investigation system for vulnerability on M2M network
A trial investigation system for vulnerability on M2M network
 
A Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M NetworkA Trial Investigation System for Vulnerability on M2M Network
A Trial Investigation System for Vulnerability on M2M Network
 
Alessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocolAlessio Lama - Development and testing of a safety network protocol
Alessio Lama - Development and testing of a safety network protocol
 

Recently uploaded

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Final race-condition-in-the-web

  • 1.
  • 2. Race Condition Attacks in Web Applications gamma95[at]gmail[dot].com
  • 5. About me $g4mm4 === $gamma95 ● Penetration tester ● Bugs hunter ● Full time Internet Troll
  • 6. About the talk ● What is race condition? ● Race conditions in the web applications ● Prevention ● Demo ● References ● Q&A
  • 7. What is race condition? ● A race condition or race hazard is a type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events ● Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
  • 8. in Electronics ● ∆t1 and ∆t2 represent the propagation delays of the logic elements. ● When the input value (A) changes, the circuit outputs a short spike of duration (∆t1+∆t2) - ∆t2 = ∆t1
  • 9. In Computer Software (file system, networking ...)
  • 10. in Web Applications: Hit Counter
  • 11. in Web Applications: Hit Counter
  • 14.
  • 15. in Web Applications: Online Banking
  • 16. in Web Applications: Online Banking
  • 17. D3m0
  • 20. System V Semaphore PHP is compiled with --enable-sysvsem
  • 21. LFI with phpinfo() ● What is LFI? Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected
  • 22. LFI with phpinfo() ● Why PHPInfo()? The output of the PHPInfo() script contains the values of the PHP Variables, including any values set via _GET, _POST or uploaded _FILES.
  • 23. How to win the race ?
  • 24. D3m0
  • 25. References ● Practical Race Condition Vulnerabilities in Web Applications https://defuse.ca/race-conditions-in-web-applications.htm ● "LFI with phpinfo() assistance" http://www.insomniasec.com/publications/LFI With PHPInfo Assistance.pdf ● Nghệ thuật tận dụng lỗi phần mềm http://bluemoon.com.vn/books/8935048992197.html