Yahoo Zero-Day Vulnerability - Code Point of View
Ebrahim Hegazy (@Zigoo0), Cyber Security Analyst @Q-CERT
12 April 2014
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Not this type of bugs!
Nor even this type of hunting!
1- Bug Bounty Programs
2- Remote Code Execution Vulnerability
3- Live Example – WebPwn3r
4- Demo Videos
Bug Bounty Programs
https://bugcrowd.com/list-of-bug-bounty-programs/
Remote Code Execution Vulnerability
Simply put, PHP code execution (PHPCE) occurs when user-supplied (GET/POST) parameter values are reflected inside the eval() function. This vulnerability allows attackers to execute PHP code such as {echo system("id")} or any other PHP function/code.
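The pattern described above beside a hardened form, as an added example that is not code from the talk or from Yahoo. The `fmt` parameter, the function names and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical handler, not code from the talk or from Yahoo.

// VULNERABLE (shown for contrast, never called here): the request value is
// concatenated into the string that eval() compiles, so it is parsed as PHP.
function render_vulnerable(array $query, string $text): string
{
    $out = '';
    eval('$out = ' . $query['fmt'] . '($text);');
    return $out;
}

// HARDENED: the request value is only ever used as a lookup key into a fixed
// allowlist of callables; it never reaches eval() or a dynamic function name.
const FORMATTERS = [
    'upper' => 'strtoupper',
    'lower' => 'strtolower',
    'title' => 'ucwords',
];

function render_hardened(array $query, string $text): string
{
    $fmt = $query['fmt'] ?? 'lower';
    // is_string() first: GET/POST parameters can arrive as arrays (?fmt[]=x).
    if (!is_string($fmt) || !array_key_exists($fmt, FORMATTERS)) {
        throw new InvalidArgumentException('unsupported fmt');
    }
    return call_user_func(FORMATTERS[$fmt], $text);
}

// Constructed sample requests (stand-ins for $_GET).
$samples = [
    ['fmt' => 'upper'],        // exact allowlist key
    ['fmt' => 'strtoupper'],   // a real function name, but not a key
    ['fmt' => ['upper']],      // array-typed parameter
    ['fmt' => 'upper '],       // near miss: must match a key exactly
];
foreach ($samples as $q) {
    try {
        echo json_encode($q['fmt']), ' => ', render_hardened($q, 'Hello World'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($q['fmt']), ' => rejected', PHP_EOL;
    }
}
```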
Eval
Live Example – WebPwn3r
4- Demo Videos