Explore advanced exploitation techniques in this 43-minute LASCON conference talk from 2013. Delve into the Magical Code Injection Rainbow (MCIR) framework for building configurable vulnerable applications. Learn about SQLol for SQL injection and XMLmao for XML and XPath injection. Discover advanced techniques in SQL injection, XPath injection, cross-site scripting, and shell command injection. Examine the exploitation of insecure cryptosystems and gain insights on creating your own configurable vulnerable application using the MCIR framework. Cover topics such as testbeds, Anti XSS, XMLMAO, cryptography, web security, key reuse, encryption, and shell injection.
Overview
Syllabus
Introduction
What is the Magical Code Injection Rainbow
What are vulnerable applications
Limitations of vulnerable applications
Testbeds
Anti XSS
XMLMAO
Crypt OMG
Web Site
Reusing Keys
Encryption
Shell Injection
Taught by
LASCON
