Explore a comprehensive analysis of security vulnerabilities in DataBinding mechanisms across popular web frameworks. Delve into the research conducted on top frameworks like Spring, Struts, Grails, and Ruby on Rails, uncovering critical security bugs that can lead to remote code execution. Learn about the potential risks associated with DataBinding, moving beyond the well-known Mass Assignment issue to examine the security of the mechanism itself. Gain insights into novel attack vectors and understand the implications for web application security. This 37-minute Black Hat conference talk provides valuable information for developers, security professionals, and anyone interested in web framework vulnerabilities and exploitation techniques.
DataBinding2Shell - Novel Pathways to RCE Web Frameworks
Overview
Syllabus
DataBinding2Shell: Novel Pathways to RCE Web Frameworks
Taught by
Black Hat
Related Courses
-
CVE Series: Confluence RCE (CVE-2022-26134)
-
Server-Side Template Injection - RCE for the Modern Web App
-
Is WebAssembly Really Safe? - Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
-
Prototype Pollution Leads to RCE - Gadgets Everywhere
-
Take Your Path Normalization Off and Pop 0days Out
-
A Pre-Auth RCE on Leading SSL VPNs
