SensePost, profile picture
Uploaded bySensePost
PDF, PPTX970 views

Enterprise portals, gate to the gold

The document discusses enterprise portals, which integrate information, people, and processes, and are popular for application deployment due to their frameworks and functionality. It covers various enterprise portal vendors, portlet components, and common shortcomings related to security and access issues. The content also highlights potential attacks on portals and tools for scanning and exploiting vulnerabilities within them.

Embed presentation

Download as PDF, PPTX
Enterprise Portals Gate to the Gold
`whoami` •  SensePost –  Specialist Security firm based in Pretoria –  Customers all over the globe –  Talks / Papers / Books •  ian@sensepost.com –  Associate security analyst –  I break stuff and write reports about breaking stuff •  Why this talk?
EP Vendors •  IBM WebSphere Portal •  SAP NetWeaver Portal •  Oracle Portal Products (PlumTree, BEA, SUN, ∞) •  OpenText Portal (Formerly Vignette) •  JBoss Portal •  Microsoft SharePoint Server •  Apache Jetspeed, Interwoven TeamPortal, …, ∞
EP Overview •  Frequent on intranets. •  Also frequent on the Internet… :) •  Framework for integrating information, people and processes** •  Consolidate and summarise diverse sources of information •  Provide customisable home-page for registered users **
EP Overview •  Popular platform for deployment of applications due to framework and built-in functionality •  Provide SDK’s for customisation and deployment of custom applications •  Support pluggable components called portlets •  Generally J2EE-based, but there are some alternate platforms (i.e.: .NET, PHP, ∞)
Portlet Overview •  Pluggable user interface components which are managed and displayed in a portal** •  Fragments of markup code (i.e: HTML / XML etc) which are aggregated in a portal page** •  Adhere to various standards –  WSRP (web services for remote portlets) –  Java Portlet Specification GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa •  JSR168 HTTP 200 OK •  JSR268 •  Proprietary **
Functionality++ •  User Registration •  Portals are generally designed to share information – provide functionality for searching documents, users, ..., ∞ •  Workflow components •  Messaging / Social networking •  Configuration and administrative components
Common Shortcomings •  Generally cater for multiple portal applications –  May expose intranet applications to the Internet •  Frequently allow registration for public users – Functionality++ •  Due to complex installation of J2EE application servers and lazy sys-admins, frequently run with elevated privileges
Common Shortcomings •  Diverse log-in capabilities –  LDAP, XML, Database, ..., ∞, * == SSO •  Developers of custom applications deployed on portal platforms frequently have not considered the underlying functionality of the platform •  Custom error pages defined for platform •  Complexity++
Breaking Out •  Custom applications frequently exploit functionality of portal framework but don’t allow users direct access to framework functions… •  … or do they ?
Breaking Out •  Direct object access •  Google is your friend… :> •  Forcing errors to display generic portal error messages •  Accessing site-registration •  HTML source comments and JavaScript •  Once we can break out of the custom application, we expose the full functionality of the portal…
Finding Portals •  Google Hacks (nods at Johnny Long…) •  site:, insite:, inurl:, …, ∞ •  Demo… –  site:za –  inurl:/portal/site –  inurl:/template.REGISTER
Abusing Portlets •  Original Advisory pertaining to IBM WebSphere –  WebSphere – 2006/01/24 – EPAM Systems •  Port Scanning •  Accessing protected resources •  Attacks at third parties •  Blended Attack Scenarios –  Denial Of Service –  Brute-Force –  Attacks against other protocols
PortletSuite.tgz •  PortletScan.py –  Scan for open ports by abusing portlets •  Pikto.py –  Scan for common virtual directory names and web server misconfigurations •  PorProx.py –  Provides proxy server functionality tunnelling HTTP requests through remote portlets
PortletSuite.tgz •  http://www.sensepost.com/blog •  Demo… –  Breaking out –  Portlet-scanning –  Pikto –  Accessing protected resources –  PortletProx
Questions ? ian@sensepost.com

More Related Content

PDF
Portets to composite applications
bySerge Huber
 
PPTX
Forefront UAG
byJames Tramel
 
PDF
The Evolution of Webinjects
byjiboutin
 
PPTX
Java Portal platforms presentation
byRashedul Hasan Khan
 
PDF
Portal as UI of SOA
byAndrew Petro
 
PDF
Moved to https://slidr.io/azzazzel/what-is-a-portal
byMilen Dyankov
 
PPT
Implementing SOA with Portal, an IBM Impact 2010 Presentation
byguestbc8b80
 
PDF
GateIn - Presented at Atlanta JUG on 1/19/2010
byWesley Hales
 
Portets to composite applications
bySerge Huber
 
Forefront UAG
byJames Tramel
 
The Evolution of Webinjects
byjiboutin
 
Java Portal platforms presentation
byRashedul Hasan Khan
 
Portal as UI of SOA
byAndrew Petro
 
Moved to https://slidr.io/azzazzel/what-is-a-portal
byMilen Dyankov
 
Implementing SOA with Portal, an IBM Impact 2010 Presentation
byguestbc8b80
 
GateIn - Presented at Atlanta JUG on 1/19/2010
byWesley Hales
 

Similar to Enterprise portals, gate to the gold

PPTX
What is a portal/ Java portal/ Enterprise portal ?
bytallashan
 
PDF
GateIn - The Solution for Managing and Building Enterprise Web Apps
byWesley Hales
 
PPTX
Portal For Your Business
byXebia IT Architects
 
PPTX
Web Sphere Portal
byJawwad Jafri
 
PPT
Portal Presention
byJayaPrakash.m
 
PPT
Web2.0 Ajax and REST in WebSphere Portal
byMunish Gupta
 
PDF
Oracle web center
byEast Le
 
PPT
01. Portal Business Overview
byNick Davis
 
PPTX
Portal / BI 2008 Presentation by Ted Tschopp
byTed Tschopp
 
PDF
Web portal wikipedia
byJoshuaVerdin2
 
PPT
IBM WebSphere Portal
byVincent Perrin
 
PDF
Zero to Portlet in 20 minutes or less
byDavalen LLC
 
PDF
What Is A Portal
bySteve Williams
 
PDF
Web Application Solutions
byAlexander Sergeev
 
PDF
Portalbusinessoverview
bydteboul
 
KEY
Portal - Lego set for app development
bybdaw
 
PPTX
Web portals & vortals
byIndore Management Institute & Research Centre
 
ODP
Apache Shindig, from Server Side Portlets to Open Social Gadgets
byTyrell Perera
 
PDF
SOA an architecture on the Desktop
byVincent Perrin
 
PPTX
04.m3 cms streaming-protocol
bytarensi
 
What is a portal/ Java portal/ Enterprise portal ?
bytallashan
 
GateIn - The Solution for Managing and Building Enterprise Web Apps
byWesley Hales
 
Portal For Your Business
byXebia IT Architects
 
Web Sphere Portal
byJawwad Jafri
 
Portal Presention
byJayaPrakash.m
 
Web2.0 Ajax and REST in WebSphere Portal
byMunish Gupta
 
Oracle web center
byEast Le
 
01. Portal Business Overview
byNick Davis
 
Portal / BI 2008 Presentation by Ted Tschopp
byTed Tschopp
 
Web portal wikipedia
byJoshuaVerdin2
 
IBM WebSphere Portal
byVincent Perrin
 
Zero to Portlet in 20 minutes or less
byDavalen LLC
 
What Is A Portal
bySteve Williams
 
Web Application Solutions
byAlexander Sergeev
 
Portalbusinessoverview
bydteboul
 
Portal - Lego set for app development
bybdaw
 
Web portals & vortals
byIndore Management Institute & Research Centre
 
Apache Shindig, from Server Side Portlets to Open Social Gadgets
byTyrell Perera
 
SOA an architecture on the Desktop
byVincent Perrin
 
04.m3 cms streaming-protocol
bytarensi
 

More from SensePost

PDF
objection - runtime mobile exploration
bySensePost
 
PPTX
Vulnerabilities in TN3270 based Application
bySensePost
 
PDF
Ruler and Liniaal @ Troopers 17
bySensePost
 
PDF
Introducing (DET) the Data Exfiltration Toolkit
bySensePost
 
PPTX
ZaCon 2015 - Zombie Mana Attacks
bySensePost
 
PPTX
Improvement in Rogue Access Points - SensePost Defcon 22
bySensePost
 
PDF
Heartbleed Overview
bySensePost
 
PDF
Botconf 2013 - DNS-based Botnet C2 Server Detection
bySensePost
 
PPTX
Rat a-tat-tat
bySensePost
 
PDF
Hacking Z-Wave Home Automation Systems
bySensePost
 
PPTX
Offence oriented Defence
bySensePost
 
PPTX
Threats to machine clouds
bySensePost
 
PPTX
Inside .NET Smart Card Operating System
bySensePost
 
PDF
SNMP : Simple Network Mediated (Cisco) Pwnage
bySensePost
 
PPT
Its Ok To Get Hacked
bySensePost
 
PPT
Web Application Hacking
bySensePost
 
PDF
Putting the tea back into cyber terrorism
bySensePost
 
PPT
Major global information security trends - a summary
bySensePost
 
PPT
Attacks and Defences
bySensePost
 
PDF
Corporate Threat Modeling v2
bySensePost
 
objection - runtime mobile exploration
bySensePost
 
Vulnerabilities in TN3270 based Application
bySensePost
 
Ruler and Liniaal @ Troopers 17
bySensePost
 
Introducing (DET) the Data Exfiltration Toolkit
bySensePost
 
ZaCon 2015 - Zombie Mana Attacks
bySensePost
 
Improvement in Rogue Access Points - SensePost Defcon 22
bySensePost
 
Heartbleed Overview
bySensePost
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
bySensePost
 
Rat a-tat-tat
bySensePost
 
Hacking Z-Wave Home Automation Systems
bySensePost
 
Offence oriented Defence
bySensePost
 
Threats to machine clouds
bySensePost
 
Inside .NET Smart Card Operating System
bySensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
bySensePost
 
Its Ok To Get Hacked
bySensePost
 
Web Application Hacking
bySensePost
 
Putting the tea back into cyber terrorism
bySensePost
 
Major global information security trends - a summary
bySensePost
 
Attacks and Defences
bySensePost
 
Corporate Threat Modeling v2
bySensePost
 

Recently uploaded

PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Rustici Software: eLearning standards in the age of AI
byRustici Software
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 

Enterprise portals, gate to the gold

  • 1.
  • 2.
    `whoami` •  SensePost –  Specialist Security firm based in Pretoria –  Customers all over the globe –  Talks / Papers / Books •  ian@sensepost.com –  Associate security analyst –  I break stuff and write reports about breaking stuff •  Why this talk?
  • 3.
    EP Vendors •  IBMWebSphere Portal •  SAP NetWeaver Portal •  Oracle Portal Products (PlumTree, BEA, SUN, ∞) •  OpenText Portal (Formerly Vignette) •  JBoss Portal •  Microsoft SharePoint Server •  Apache Jetspeed, Interwoven TeamPortal, …, ∞
  • 4.
    EP Overview •  Frequenton intranets. •  Also frequent on the Internet… :) •  Framework for integrating information, people and processes** •  Consolidate and summarise diverse sources of information •  Provide customisable home-page for registered users **
  • 5.
    EP Overview •  Popularplatform for deployment of applications due to framework and built-in functionality •  Provide SDK’s for customisation and deployment of custom applications •  Support pluggable components called portlets •  Generally J2EE-based, but there are some alternate platforms (i.e.: .NET, PHP, ∞)
  • 6.
    Portlet Overview •  Pluggable user interface components which are managed and displayed in a portal** •  Fragments of markup code (i.e: HTML / XML etc) which are aggregated in a portal page** •  Adhere to various standards –  WSRP (web services for remote portlets) –  Java Portlet Specification GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa •  JSR168 HTTP 200 OK •  JSR268 •  Proprietary **
  • 7.
    Functionality++ •  User Registration • Portals are generally designed to share information – provide functionality for searching documents, users, ..., ∞ •  Workflow components •  Messaging / Social networking •  Configuration and administrative components
  • 8.
    Common Shortcomings •  Generallycater for multiple portal applications –  May expose intranet applications to the Internet •  Frequently allow registration for public users – Functionality++ •  Due to complex installation of J2EE application servers and lazy sys-admins, frequently run with elevated privileges
  • 9.
    Common Shortcomings •  Diverselog-in capabilities –  LDAP, XML, Database, ..., ∞, * == SSO •  Developers of custom applications deployed on portal platforms frequently have not considered the underlying functionality of the platform •  Custom error pages defined for platform •  Complexity++
  • 10.
    Breaking Out •  Customapplications frequently exploit functionality of portal framework but don’t allow users direct access to framework functions… •  … or do they ?
  • 11.
    Breaking Out •  Directobject access •  Google is your friend… :> •  Forcing errors to display generic portal error messages •  Accessing site-registration •  HTML source comments and JavaScript •  Once we can break out of the custom application, we expose the full functionality of the portal…
  • 12.
    Finding Portals •  GoogleHacks (nods at Johnny Long…) •  site:, insite:, inurl:, …, ∞ •  Demo… –  site:za –  inurl:/portal/site –  inurl:/template.REGISTER
  • 13.
    Abusing Portlets •  OriginalAdvisory pertaining to IBM WebSphere –  WebSphere – 2006/01/24 – EPAM Systems •  Port Scanning •  Accessing protected resources •  Attacks at third parties •  Blended Attack Scenarios –  Denial Of Service –  Brute-Force –  Attacks against other protocols
  • 14.
    PortletSuite.tgz •  PortletScan.py –  Scan for open ports by abusing portlets •  Pikto.py –  Scan for common virtual directory names and web server misconfigurations •  PorProx.py –  Provides proxy server functionality tunnelling HTTP requests through remote portlets
  • 15.
    PortletSuite.tgz •  http://www.sensepost.com/blog •  Demo… –  Breaking out –  Portlet-scanning –  Pikto –  Accessing protected resources –  PortletProx
  • 16.