Breaking Parser Logic - Take Your Path Normalization Off and Pop 0days Out


Black Hat via YouTube


Classroom Contents


  1. Intro
  2. Orange Tsai
  3. Agenda
  4. Polyglot URL path
  5. Why path normalization
  6. Can you spot the vulnerability?
  7. Nginx off-by-slash fail
  8. How to find this problem?
  9. Spring 0day - CVE-2018-1271
  10. Bonus on Spark framework
  11. Rails 0day - CVE-2018-3760
  12. For the RCE lover
  13. URL path parameter
  14. When reverse proxy meets...
  15. How danger it could be?
  16. Am I affected by this vuln?
  17. Uber bounty case
  18. Bynder RCE case study
  19. Inconsistency to ACL bypass
  20. Misconfiguration to auth bypass
  21. Log injection to RCE
  22. Amazon RCE case study
  23. Path normalization bug leads to ACL bypass
  24. Seam Feature
  25. Code reuse bug leads to Expression Language injection
  26. EL blacklist bypassed leads to Remote Code Execution
  27. Chain all together
  28. Mitigation
  29. Summary
  30. Reference
