xss sqli sigurnost

18

Predrag Cujanović Kontakt • mail: [email protected] • blog: http://www.cujanovic.com • tw: http://www.twitter.com/cujanovic • fb: http://www.facebook.com/predrag.cujanovic

Post on 18-Oct-2014

566 views

Category:

Documents

8 download

Report

Download

Embed Size (px):

DESCRIPTION

TRANSCRIPT

Page 1: XSS SQLi sigurnost

Predrag Cujanović

Kontakt• mail: [email protected] • blog: http://www.cujanovic.com• tw: http://www.twitter.com/cujanovic • fb: http://www.facebook.com/predrag.cujanovic

Page 2: XSS SQLi sigurnost

Sadržaj:

•Cross side scripting (XSS) napad• SQL injection (SQLi) napad• Insecure cryptographic storage•Primeri

Page 3: XSS SQLi sigurnost

Cross side scripting (XSS) napad

• Šta je XSS napad?• Tipovi XSS napada•Opasnost XSS napada• Kako sprečiti XSS napad?

Page 4: XSS SQLi sigurnost

Šta je XSS napad?

Page 5: XSS SQLi sigurnost

Tipovi XSS napada

• Non-Persistent (Reflected)• Persistent (Stored)• DOM Based

Page 6: XSS SQLi sigurnost

Opasnost XSS napada

XSS Shell

Page 7: XSS SQLi sigurnost

Page 8: XSS SQLi sigurnost

Opasnost XSS napada

Cookie stealing

Phishing

Page 9: XSS SQLi sigurnost

Kako sprečiti XSS napad?

• Filtriranjem podataka preko već predefinisanih php funkcija:

strip_tags, htmlspecialchars, htmlentities

• Izbegavati pisanje sopstvenih funkcija samo za ovu namenu

Page 10: XSS SQLi sigurnost

SQL injection (SQLi) napad

Šta je SQLi napad? Tipovi SQLi napada Opasnost SQLi napada Kako sprečiti SQLi napad?

Page 11: XSS SQLi sigurnost

Šta je SQLi napad?

Page 12: XSS SQLi sigurnost

Tipovi SQLi napada

Incorrectly filtered escape characters(SELECT * FROM users WHERE name = '' OR '1'='1' -- ';)

Incorrect type handling(SELECT * FROM userinfo WHERE id=1;DROP TABLE users;)

Blind SQL injection(SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND '1'='1';)

Time Based SQL injection (download_key=1' AND 6424=BENCHMARK(5000000,MD5(CHAR(102,100,78,99))) AND 'uzOQ'='uzOQ)

Page 13: XSS SQLi sigurnost

Opasnost SQLi napada

Pristup podacima u bazi (UNION SELECT 1,2,3,4--)

Izmena, brisanje podataka u bazi – DROP users;

Čitanje fajlova - load_file('/etc/passwd') ili load_file(0x2f6574632f706173737764) funkcija

Pravnjenje novih fajlova - INTO OUTFILE '/var/www/victim.com/shell.php'

Page 14: XSS SQLi sigurnost

Kako sprečiti SQLi napad?

mysql_real_escape_string funkcija

is_numeric funkcija

cast to int – (int)

Page 15: XSS SQLi sigurnost

Insecure cryptographic storage

Page 16: XSS SQLi sigurnost

Insecure cryptographic storage

0. koristiti neki hash algoritam

1. ne korisiti zastrarele hash algoritme (md5 je zvanično mrtav)

2. korisiti salt, najbolje ih ne čuvati u bazi (primer Wordpress)

3. korisiti dva različita hash algoritma (sha1($salt.(des($salt.$pass.$salt))))

Page 17: XSS SQLi sigurnost

Insecure cryptographic storage oclHashcat-plus

Page 18: XSS SQLi sigurnost

Hvala na pažnji :)

Pitanja?

Introduction to InfoSec SQLI & XSS (R10+11) - TAU to InfoSec – SQLI & XSS (R10+11) ... • SQL Injection in a Nutshell. ... • jQuery is the most popular Javascript library used

New Techniques in SQLi Obfuscation: SQL never before used in SQLi

SQLI Lab x FREYA

Automated Detection and - Carnegie Mellon University · SQLi and XSS: W3AF Framework used to test IoT application for two of the top ten OWASP vulnerabilities. IoT Device transmitting

Presentation sqli agency 2011

Session Fixation OWASP · OWASP Session Fixation known for several years (at the latest from 2002) Little attention compared to XSS, SQLi, CSRF Little awareness in developers’ world

Security of National eID (smartcard-based) Web Applications of National eID (smartcard-based) Web... · •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management? OWASP

SQLI GROUP - presentation

libinjection: from SQLi to XSS　 by Nick Galbreath

Sqli wp methode_ergonomieweb

13000 SQLi Dorks

Ubérisez-vous ! SQLI Consulting

Exploits: XSS, SQLI, Buffer Overflow These vulnerabilities continue to result in many active exploits. XSS - Cross Site Scripting, comparable to XSRF,

How do I - Jfokus · 2019-09-11 · LDAP Injection, Command Injection, Log Injection, XSS, SQLI etc etc Think old phone systems, Captain Crunch (John Draper) Signaling data and voice

libinjection : SQLi から XSS へ by ニック・ガルブレス

webconf 2008 Farkas István - Hungarian Web Conference · 2019. 11. 22. · •Web-biztonságról •Leggyakoribb problémák •Közismert problémák speciális esetei SQLi, XSS,

Super Manual Sqli

3D Secure - europen.czeuropen.cz/Proceedings/45/3DSecureEurOpen.pdf · crew.blogspot.cz/2014/07/sqli-db-sqli-dork-scanner.html SQLi DB Havij Pro. Title: PowerPoint Presentation Author:

Web Application Security: SQL-injection, Cross Site ... · SQLi und XSS -- w3af 2 Proseminar - Werkzeugunterstützung für sichere Software Web 2.0 Application und Angriffspunkte

SQLI at SpringOne08

Owasp Serbia: sqli,xss

14- Php my sqli

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

practical SQLi Injection

CSP - the panacea for XSS - owasp.org another security blogger . XSS. 4 XSS ... Over 12 million email messages daily ... CSP Based IDS Magic XSS XSS XSS Test & Fix . 29

SQLi Optimization and Obfuscation

Srikar Nadipally. Outline Finding and Exploiting XSS Vulnerabilities Standard Reflected XSS Stored XSS DOM based XSS Prevention of XSS attack Reflect

Hacknbeers sqli and cryptography

Playing With (B)Sqli

Practical Approach towards SQLi ppt

Hillen Presentation 2017 MTASC AM€¦ · 10/10/2017 5 •INTERNET OFTHINGS •• Insecure Web Interface •- Secure web interface to prevent XSS, SQLi or CSRF •- Ensure credentials

Security of National eID (smartcard-based) Web Applicationssmartcard-based)_W… · Secure Web-App Session Management •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management?

RIPS: A static source code analyser for vulnerabilities in ... · side (SQLi, file inclusion, etc) or XSS. Note that you can also tweak code style rendering to your preference; I

Curious Case of SQLi