Web-App Remote Code Execution Via Scripting Engines

•Download as PPTX, PDF•

5 likes•5,040 views

c0c0n - International Cyber Security and Policing Conference

Web-App Remote Code Execution Via Scripting Engines by Rahul Sasi at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html

Technology

Web-App Remote Code Execution
Via Scripting Engines.

Rahul Sasi(fb1h2s)

Who am I ?

• Rahul Sasi (fb1h2s)
• Security Researcher @
• Member Garage4Hackers.

Garage 4 Hackers
Information Security
professionals from
Fortune 500, Security
research and Consulting
firms from all across the
world.

•Security Firms
•Consulting Firms
•Research Firms
•Law Enforcements

http://www.Garage4Hackers.com

• Offensive Security(Hacking) is Money Making
Business.

• Defensive Security , sort of an investment or
many considers it waste of money.

Web-App Remote Code Execution
Via Scripting Engines.

What is the Difference between a Web
App Pen-tester and a Paid Hacker with
Malicious Intend ?

Web App-Pen tester is paid and given
One week to find all the vulnerabilities
in the Application.

Hacker is paid with no time constrains
to find just one vulnerability to get into
the system.

Attacking Web Applications via
Scripting Engines .

Agenda
• Apache PHP Architecture .
• Web App Exploitation
• Local PHP Vulnerabilities.
• Source Code Auditing.
• Memory Corruptions . [ROP Chains]
• Remote PHP Vulnerabilities
• File formats and Remote Exploitation.

Common Web Test
• Manipulates Input and check for responses
from the app.

• Exploiting Scripting Engines.

Digging Deep for Treasure.

Exploiting Scripting Engines
• PHP
• ASPX (.NET)
• Python
• Perl
• Etc..

Attacking PHP Engines

• For Privilege Escalation
• Code Execution in Protected Environments
• Bypassing Security Restrictions

Attacking PHP Engines
Local Attacks
• History of PHP Exploits Used in the Wild
PHP Symlink Exploit
PHP Nginx Exploit

• 0days

 PHP Windows COM 0-day

PHP Symlink Exploit
• Privilege Escalation
• IF pak.com and IN.com are on the same
server.
Used Widely

• Demo

0-days (Win)
• 0-day Markets.
 Huge 10,000 USD
• PHP Dom 0-day on Windows

• The Vulnerable Function

• Com_event_sink()

• ROP Chains

Code Execution (ROP ing)
• The general idea is to use the already existing
pieces of code and redirect the flow of the
application.

• Add the desired Shellcode and jump to it.

Code Execution
• Get an Interactive Shell on the System.

Attacking PHP :
Remote Exploits:
• History Of Bugs:

 CVE-ID: 2012-0057, Arbitrary file creation via libxslt.
 CVE-2012-2329 (Apache Request Header)
CVE-2012-1823,CVE-2012-2311 ( php-cgi bug “=“ )

• 0-days
 PHP GD bugs.

php-cgi bug “=“ CVE-2012-1823
• The Bug
Index.php?-s
 Will show the source, we can inject PHP
command line arguments to the compiler.
The attack.
http://www.badguys.com/index.php-s

PHP GD

• Image processing Algorithms .

• Takes input (images) and output processed
image

• Could trigger memory corruption via Input
images and trigger code execution.

Detecting them .
• An Example of Our Exploration .

• Processed Images insert Meta tags , which
informs about the PHP functions used.

• “CREATOR: gd-jpeg v1.0 (using IJG JPEG v80),
quality = 75”

• We Analyzed the Source code of GD engine
and figured out the exact function used.

• Fuzzed using our GD Fuzzer , made a reliable
exploit. 0-day

Thanks

• http://www.twitter.com/fb1h2s
• http://www.garage4hacers.com

What's hot

Nowadays REST APIs are behind each mobile and nearly all of web applications. As such they bring a wide range of possibilities in cases of communication and integration with given system. But with great power comes great responsibility. This talk aims to provide general guidance related do API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of potential attacker. I will show: how to find hidden API interfaces ways to detect available methods and parameters fuzzing and pentesting techniques for API calls typical problems I will share several interesting cases from public bug bounty reports and personal experience, for example: * how I got various credentials with one API call * how to cause DoS by running Garbage Collector from API

REST API Pentester's perspective

SecuRing

Live Hacking like a MVH – A walkthrough on methodology and strategies to win big

Frans Rosén

Bug bounty null_owasp_2k17

Sagar M Parmar

Pentesting ReST API

Nutan Kumar Panda

Ekoparty 2017 - The Bug Hunter's Methodology

bugcrowd

This is my talk from OWASP Appsec EU and also Security Fest 2017. A few years ago, Frans and his team posted an article on Detectify Labs regarding domain hijacking using services like AWS, Heroku and GitHub. These issues still remains and are still affecting a lot of companies. Jonathan Claudius from Mozilla even calls “Subdomain takeover” “the new XSS”. Since then, many tools have popped up to spot these sorts of vulnerabilities. Frans will go through both the currently disclosed and the non-disclosed ways to take control over domains and will share the specific techniques involved.

DNS hijacking using cloud providers – No verification needed

Frans Rosén

OWASP Top 10 A4 – Insecure Direct Object Reference

Narudom Roongsiriwong, CISSP

Bug Bounty #Defconlucknow2016

Shubham Gupta

Polyglot payloads in practice by avlidienbrunn at HackPra

Mathias Karlsson

Bug bounty recon.pdf

EusebiuDanielBlindu

Bug Bounty - Hackers Job

Arbin Godar

APISecurity_OWASP_MitigationGuide

Isabelle Mauny

Recon in Pentesting

Komal Armarkar

OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies

OWASP

Attacking thru HTTP Host header

Sergey Belov

HTTP Request Smuggling via higher HTTP versions

neexemil

Offzone | Another waf bypass

Дмитрий Бумов

Waf bypassing Techniques

Avinash Thapa

Building Advanced XSS Vectors

Rodolfo Assis (Brute)

Time based CAPTCHA protected SQL injection through SOAP-webservice

Frans Rosén

What's hot (20)

REST API Pentester's perspective

Live Hacking like a MVH – A walkthrough on methodology and strategies to win big

Bug bounty null_owasp_2k17

Pentesting ReST API

Ekoparty 2017 - The Bug Hunter's Methodology

DNS hijacking using cloud providers – No verification needed

OWASP Top 10 A4 – Insecure Direct Object Reference

Bug Bounty #Defconlucknow2016

Polyglot payloads in practice by avlidienbrunn at HackPra

Bug bounty recon.pdf

Bug Bounty - Hackers Job

APISecurity_OWASP_MitigationGuide

Recon in Pentesting

OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies

Attacking thru HTTP Host header

HTTP Request Smuggling via higher HTTP versions

Offzone | Another waf bypass

Waf bypassing Techniques

Building Advanced XSS Vectors

Time based CAPTCHA protected SQL injection through SOAP-webservice

Viewers also liked

Bypass file upload restrictions

Mukesh k.r

XXE Exposed Webinar Slides: Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD) Full recording here: NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25 https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/

XXE Exposed: SQLi, XSS, XXE and XEE against Web Services

Abraham Aranguren

Jon Gorenflo - Burp Collaborator

centralohioissa

This talk is going to be all about Burp. I will explain why is such a great tool and how it compares with similar ones. Its going to have a quick walkthrough of its main features, but the juicy part is going to be about how to fully explore its main tools, such as the scanner, intruder and sequencer, to increase the number and type of vulnerabilities found. In addition, I will provide an overview of the Burp Extender Interface and how to easily and quickly take advantage of extensions to increase its awesomeness. I will show how easy is for an pentester to translate an idea to a extension and (I hope) publicly release one plugin to further help pentesters. The talks objective is to increase your efficiency while using Burp, either by taking advantage of its excellent tools or by adding that feature that really need. Presented at BSides Lisbon at 04/10/13 (http://bsideslisbon.org)

BSides Lisbon 2013 - All your sites belong to Burp

Tiago Mendo

Apache Multiview Vulnerability

Ronan Dunne, CEH, SSCP

Blind xss

Ronan Dunne, CEH, SSCP

Automated and Effective Testing of Web Services for XML Injection Attacks

Lionel Briand

AppSec USA 2015: Customizing Burp Suite

August Detlefsen

File upload vulnerabilities & mitigation

Onwukike Chinedu. CISA, CEH, COBIT5 LI, CCNP

Sql injection bypassing hand book blackrose

Noaman Aziz

Cross Domain Hijacking - File Upload Vulnerability

Ronan Dunne, CEH, SSCP

Writing vuln reports that maximize payouts - Nullcon 2016

bugcrowd

In this talk, we’ll walk through utilizing one of the most popular web vulnerability testing frameworks BurpSuite. During this presentation we will cover the process of how to conduct a successful web penetration tests, while utilizing BurpSuite's features and tools (Free and Pro Version). This discussion will also cover realistic examples and a brief overview of common vulnerabilities found in web applications.

Web Hacking With Burp Suite 101

Zack Meyers

XML Attack Surface - Pierre Ernst (OWASP Ottawa)

OWASP Ottawa

XML & XPath Injections

AMol NAik

Xml external entities [xxe]

mattymcfatty

Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet. It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).

Advanced SQL injection to operating system full control (whitepaper)

Bernardo Damele A. G.

Burp Suite Starter

Fadi Abdulwahab

Advanced SQL injection to operating system full control (slides)

Bernardo Damele A. G.

Black Hat: XML Out-Of-Band Data Retrieval

qqlan

Viewers also liked (20)

Bypass file upload restrictions

XXE Exposed: SQLi, XSS, XXE and XEE against Web Services

Jon Gorenflo - Burp Collaborator

BSides Lisbon 2013 - All your sites belong to Burp

Apache Multiview Vulnerability

Blind xss

Automated and Effective Testing of Web Services for XML Injection Attacks

AppSec USA 2015: Customizing Burp Suite

File upload vulnerabilities & mitigation

Sql injection bypassing hand book blackrose

Cross Domain Hijacking - File Upload Vulnerability

Writing vuln reports that maximize payouts - Nullcon 2016

Web Hacking With Burp Suite 101

XML Attack Surface - Pierre Ernst (OWASP Ottawa)

XML & XPath Injections

Xml external entities [xxe]

Advanced SQL injection to operating system full control (whitepaper)

Burp Suite Starter

Advanced SQL injection to operating system full control (slides)

Black Hat: XML Out-Of-Band Data Retrieval

Similar to Web-App Remote Code Execution Via Scripting Engines

External JavaScript Widget Development Best Practices (updated) (v.1.1)

Volkan Özçelik

Java scriptwidgetdevelopmentjstanbul2012

Volkan Özçelik

External JavaScript Widget Development Best Practices

Volkan Özçelik

Malware cryptomining uploadv3

Setia Juli Irzal Ismail

Attendees will learn the best web application security practices used by major US government entities. The presentation will cover network configuration, caching, replication, common web application vulnerabilities, and how making these changes will result in better web site performance and user satisfaction. The five most common types of web application attacks will be explained, along with simple ways to prevent them.

Do you lose sleep at night?

Nathan Van Gheem

Stay safe, grab a drink and join us virtually for our upcoming "The Hacking Game - A Road to Post Exploitation" meetup to learn how hackers can compromise the software supply chain, advanced data protection methods on WebLogic Server and how to use AI in order to protect your software. Agenda: 17:00 - 17:10 - 'Opening words' - by Gidi Farkash (CISO at Pipl Security) 17:10 - 17:40 - 'Tracking Attackers in Open Source Supply Chain - Lessons Learned' - by Jossef Harush Kadouri (Head of Software Supply Chain Security at Checkmarx) 17:40 - 18:20 - 'WebLogic - The Road to Post Exploitation' - by Amit German (Cyber Security Researcher at Pentera) 18:20 - 19:00 - 'AI In The Hands of Application Security' - by Brit Glazer (Head of Information Security at Unit)

The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx

lior mazor

Ruby on Rails Penetration Testing

3S Labs

Proactive Security AppSec Case Study

Andy Hoernecke

Rhodes

jwallace41

Android lessons you won't learn in school

Michael Galpin

01/2009 - Portral development with liferay

daveayan

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Amazon Web Services

API SECURITY

Tubagus Rizky Dharmawan

"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose. In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)." (Source: Black Hat USA 2016, Las Vegas)

Abusing bleeding edge web standards for appsec glory

Priyanka Aash

The best way to enable developers to create secure applications is to “shift left” in security. That means providing developers with the tools and techniques that help build more secure applications from the get-go. Developers may get security controls into their applications in different ways. They may write them from scratch following security training or guidance, they may use open source libraries, or they may use frameworks that have the security features built in already. In this talk we explore JavaScript applications that use different types of security controls implemented at levels ranging from developer code, to libraries and plugins, to different frameworks, and analyze which applications actually turn out to be more secure. This work is based on analysis of over 500 open source JavaScript applications on GitHub that use client-side frameworks and template engines to prevent XSS, as well as server-side frameworks (Express, Koa, Hapi, Sails, Meteor) and CSRF prevention mechanisms. In conclusion, we provide data-driven recommendations for framework maintainers and application developers on how to develop and choose a framework that will actually make applications more secure.

How do JavaScript frameworks impact the security of applications?

Ksenia Peguero

Workshop on Network Security

UC San Diego

Outsmarting SmartPhones

saurabhharit

Attackers don’t just search for technology vulnerabilities, they take the easiest path and find the human vulnerabilities. Drive by web attacks, targeted spear phishing, and more are commonplace today with the goal of delivering custom malware. In a world where delivering custom advanced malware that handily evades signature and blacklisting approaches, and does not depend on application software vulnerabilities, how do we understand when are environments are compromised? What are the telltale signs that compromise activity has started, and how can we move to arrest a compromise in progress before the attacker laterally moves and reinforces their position? The penetration testing community knows these signs and artifacts of advanced malware presence, and it is up to us to help educate defenders on what to look for.

BSIDES-PR Keynote Hunting for Bad Guys

Joff Thyer

Indicator of Compromise (IOC) is a piece of information that can be used to search for or identify potentially compromised systems. openioc_scan is an open-source IOC scanner for memory forensics and implemented as a plugin of Volatility Framework. By checking IOCs in RAM images (e.g., code injection sign, used/hooked API functions, unpacked code sequences), we can detect malware faster and deeper than disk-based traditional IOCs. In this presentation, I explain how to define and improve IOCs for openioc_scan, introduce IOC examples including not only IOCs for specific malware but also ones focusing on generic traits of malware. I also show remote malware triage automation combining with F-Response.

openioc_scan - IOC scanner for memory forensics

Takahiro Haruyama

While graph databases are primarily known as the backbone of the modern social networks, we have found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries. This talk will bring together two well-known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug/backdoors/business logic flaws hunting in mind. Capabilities of the system will then be demonstrated live with Joern, an open source code exploration tool, as we craft queries for RCE exploits, insider attacks, data leak detection.

How-To Find Malicious Backdoors and Business Logic Vulnerabilities in Your Code

DevOps.com

Similar to Web-App Remote Code Execution Via Scripting Engines (20)

External JavaScript Widget Development Best Practices (updated) (v.1.1)

Java scriptwidgetdevelopmentjstanbul2012

External JavaScript Widget Development Best Practices

Malware cryptomining uploadv3

Do you lose sleep at night?

The Hacking Games - A Road to Post Exploitation Meetup - 20240222.pptx

Ruby on Rails Penetration Testing

Proactive Security AppSec Case Study

Rhodes

Android lessons you won't learn in school

01/2009 - Portral development with liferay

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

API SECURITY

Abusing bleeding edge web standards for appsec glory

How do JavaScript frameworks impact the security of applications?

Workshop on Network Security

Outsmarting SmartPhones

BSIDES-PR Keynote Hunting for Bad Guys

openioc_scan - IOC scanner for memory forensics

How-To Find Malicious Backdoors and Business Logic Vulnerabilities in Your Code

More from c0c0n - International Cyber Security and Policing Conference

Leveraging mobile & wireless technology for Law and Order

c0c0n - International Cyber Security and Policing Conference

Cracking the Mobile Application Code

c0c0n - International Cyber Security and Policing Conference

I haz you and pwn your maal

c0c0n - International Cyber Security and Policing Conference

Why Government & Corporate Cyber Programmes are Failing

c0c0n - International Cyber Security and Policing Conference

Public Private Partnership - Combating CyberCrime

c0c0n - International Cyber Security and Policing Conference

OSINT - Open Source Intelligence

c0c0n - International Cyber Security and Policing Conference

UI-Redressing Attacks - The Process & Exploitation

c0c0n - International Cyber Security and Policing Conference

More from c0c0n - International Cyber Security and Policing Conference (7)

Leveraging mobile & wireless technology for Law and Order

Cracking the Mobile Application Code

I haz you and pwn your maal

Why Government & Corporate Cyber Programmes are Failing

Public Private Partnership - Combating CyberCrime

OSINT - Open Source Intelligence

UI-Redressing Attacks - The Process & Exploitation

Recently uploaded

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity

Partners Life - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Automating Google Workspace (GWS) & more with Apps Script

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

2024: Domino Containers - The Next Step. News from the Domino Container commu...

AWS Community Day CPH - Three problems of Terraform

How to Troubleshoot Apps for the Modern Connected Worker

🐬 The future of MySQL is Postgres 🐘

Exploring the Future Potential of AI-Enabled Smartphone Processors

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

The 7 Things I Know About Cyber Security After 25 Years | April 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Scaling API-first – The story of a global engineering organization

Artificial Intelligence: Facts and Myths

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Web-App Remote Code Execution Via Scripting Engines

1. Web-App Remote Code Execution Via Scripting Engines. Rahul Sasi(fb1h2s)

2. Who am I ? • Rahul Sasi (fb1h2s) • Security Researcher @ • Member Garage4Hackers.

3. Garage 4 Hackers Information Security professionals from Fortune 500, Security research and Consulting firms from all across the world. •Security Firms •Consulting Firms •Research Firms •Law Enforcements http://www.Garage4Hackers.com

4. I

5. • Offensive Security(Hacking) is Money Making Business. • Defensive Security , sort of an investment or many considers it waste of money.

6. Why Offensive Security?

7. Web-App Remote Code Execution Via Scripting Engines.

8. What is the Difference between a Web App Pen-tester and a Paid Hacker with Malicious Intend ?

9. Web App-Pen tester is paid and given One week to find all the vulnerabilities in the Application. Hacker is paid with no time constrains to find just one vulnerability to get into the system.

10. Attacking Web Applications via Scripting Engines .

11. Agenda • Apache PHP Architecture . • Web App Exploitation • Local PHP Vulnerabilities. • Source Code Auditing. • Memory Corruptions . [ROP Chains] • Remote PHP Vulnerabilities • File formats and Remote Exploitation.

12. Common Web Test • Manipulates Input and check for responses from the app. • Exploiting Scripting Engines.

13.

14. Digging Deep for Treasure. Exploiting Scripting Engines • PHP • ASPX (.NET) • Python • Perl • Etc..

15. PHP Architecture

16. PHP + Apache Security Architecture for

17. Attacking PHP Engines • For Privilege Escalation • Code Execution in Protected Environments • Bypassing Security Restrictions

18. PHP Local Exploits

19. Attacking PHP Engines Local Attacks • History of PHP Exploits Used in the Wild PHP Symlink Exploit PHP Nginx Exploit • 0days  PHP Windows COM 0-day

20. PHP Symlink Exploit • Privilege Escalation • IF pak.com and IN.com are on the same server. Used Widely • Demo

21. 0-days (Win) • 0-day Markets.  Huge 10,000 USD • PHP Dom 0-day on Windows • The Vulnerable Function • Com_event_sink() • ROP Chains

22. Php Com_event_sink()

23. The Bug

24. Code Execution (ROP ing) • The general idea is to use the already existing pieces of code and redirect the flow of the application. • Add the desired Shellcode and jump to it.

25. Code Execution • Get an Interactive Shell on the System.

26. Remote Exploits

27. Attacking PHP : Remote Exploits: • History Of Bugs:  CVE-ID: 2012-0057, Arbitrary file creation via libxslt.  CVE-2012-2329 (Apache Request Header) CVE-2012-1823,CVE-2012-2311 ( php-cgi bug “=“ ) • 0-days  PHP GD bugs.

28. php-cgi bug “=“ CVE-2012-1823 • The Bug Index.php?-s  Will show the source, we can inject PHP command line arguments to the compiler. The attack. http://www.badguys.com/index.php-s

29. CVE-2012-2311 php-cgi bug “=“

30. Demo

31. PHP GD Bugs

32. PHP GD • Image processing Algorithms . • Takes input (images) and output processed image • Could trigger memory corruption via Input images and trigger code execution.

33. Detecting them . • An Example of Our Exploration . • Processed Images insert Meta tags , which informs about the PHP functions used. • “CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 75”

34. • We Analyzed the Source code of GD engine and figured out the exact function used. • Fuzzed using our GD Fuzzer , made a reliable exploit. 0-day

35. 0-days in GD Engine.

36. Demo

37. Thanks • http://www.twitter.com/fb1h2s • http://www.garage4hacers.com

Web-App Remote Code Execution Via Scripting Engines

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Web-App Remote Code Execution Via Scripting Engines

Similar to Web-App Remote Code Execution Via Scripting Engines (20)

More from c0c0n - International Cyber Security and Policing Conference

More from c0c0n - International Cyber Security and Policing Conference (7)

Recently uploaded

Recently uploaded (20)

Web-App Remote Code Execution Via Scripting Engines