
4 owasp egypt_12_4_2014_ebrahim_hegazy

Published in: Technology

  1. Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation, http://www.owasp.org. Yahoo Zero-Day Vulnerability - Code Point of View. Ebrahim Hegazy (@Zigoo0), Cyber Security Analyst @Q-CERT, Ehegazy@qcert.org. 12 April 2014.
  2. Not this type of bug!
  3. Nor even this type of hunting!
  4. OWASP
  5. 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability. 3- Live Example – WebPwn3r. 4- Demo Videos.
  6. Bug Bounty Programs: https://bugcrowd.com/list-of-bug-bounty-programs/
  7. Remote Code Execution Vulnerability: Simply put, PHPCE (PHP code execution) occurs when user-supplied (GET/POST) parameter values are reflected inside the eval() function. This vulnerability allows attackers to execute PHP code such as {echo system("id")} or any other PHP function/code.
  8. Eval
  9. Live Example – WebPwn3r
  10. 4- Demo Videos
  11. OWASP
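
The pattern slide 7 describes, shown beside a hardened form. This is an added example, not code from the original slides or from the affected application; the function names, the `order` parameter and the sample values are hypothetical.

```php
<?php
// Added illustration (PHP 7.4+). Function names, the `order` parameter and
// the sample values are hypothetical and constructed for this example.

// Vulnerable pattern: the request value is pasted into a string that eval()
// runs as PHP, so whatever the client sends is executed as code.
function sort_items_vulnerable(array $items, string $order): array
{
    eval("usort(\$items, function (\$a, \$b) { return $order; });");
    return $items;
}

// Hardened form: the request value only selects a key in a fixed allowlist.
// It is never parsed or executed, and eval() is not used at all.
function sort_items_hardened(array $items, string $order): array
{
    $comparators = [
        'asc'  => fn($a, $b) => $a <=> $b,
        'desc' => fn($a, $b) => $b <=> $a,
    ];
    if (!array_key_exists($order, $comparators)) {
        throw new InvalidArgumentException('unsupported sort order');
    }
    usort($items, $comparators[$order]);
    return $items;
}

// Constructed stand-ins for $_GET['order']: one valid value, then the code
// string quoted on slide 7, which the hardened function treats as bad data.
$items = [3, 1, 2];
foreach (['desc', 'echo system("id")'] as $order) {
    try {
        echo json_encode(sort_items_hardened($items, $order)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($order), PHP_EOL;
    }
}
```

The vulnerable function is defined only for comparison and is never called. When reviewing code for this class of bug, trace every `eval()` argument back to its source and replace any that can reach request data with a fixed lookup like the one above.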
