Take Your Path Normalization Off and Pop 0days Out

Take Your Path Normalization Off and Pop 0days Out

Cooper via YouTube Direct link

Seam Feature

25 of 29

25 of 29

Seam Feature

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Take Your Path Normalization Off and Pop 0days Out

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Orange Tsai
  3. 3 Agenda
  4. 4 Polyglot URL path
  5. 5 Why path normalization
  6. 6 Can you spot the vulnerability?
  7. 7 Nginx off-by-slash fail
  8. 8 How to find this problem?
  9. 9 Spring Oday - CVE-2018-1271
  10. 10 Bonus on Spark framework
  11. 11 Rails Oday - CVE-2018-3760
  12. 12 For the RCE lover
  13. 13 URL path parameter
  14. 14 When reverse proxy meets...
  15. 15 How danger it could be?
  16. 16 Uber bounty case
  17. 17 Bynder RCE case study
  18. 18 Inconsistency to ACL bypass
  19. 19 Misa New Password
  20. 20 Misconfiguration to auth bypass
  21. 21 Log injection to RCE
  22. 22 Private bounty case
  23. 23 Amazon RCE case study
  24. 24 Path normalization bug leads to ACL bypass
  25. 25 Seam Feature
  26. 26 Code reuse bug leads to Expression Language injection
  27. 27 EL blacklist bypassed leads to Remote Code Execution
  28. 28 Mitigation
  29. 29 Summary

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.