Take Your Path Normalization Off and Pop 0days Out

Offered By: Cooper via YouTube

Tags

Hack.lu Courses, Ethical Hacking Courses, Penetration Testing Courses, Remote Code Execution (RCE) Courses, Web Security Courses, Reverse Proxies Courses

Course Description

Overview

Explore path normalization vulnerabilities and their exploitation in this conference talk from Hack.lu 2018. Delve into various case studies, including Nginx off-by-slash failures, Spring and Rails 0days, and RCE vulnerabilities in Uber and Amazon. Learn about polyglot URL paths, spotting vulnerabilities, and techniques for finding these issues. Examine the dangers of reverse proxy interactions, ACL bypasses through inconsistencies, and authentication bypasses via misconfigurations. Discover how log injection can lead to RCE and how code reuse bugs can result in Expression Language injection. The talk closes with mitigation strategies and a summary of key takeaways for improving web application security.

Syllabus

Intro
Orange Tsai
Agenda
Polyglot URL path
Why path normalization
Can you spot the vulnerability?
Nginx off-by-slash fail
How to find this problem?
Spring 0day - CVE-2018-1271
Bonus on Spark framework
Rails 0day - CVE-2018-3760
For the RCE lover
URL path parameter
When reverse proxy meets...
How danger it could be?
Uber bounty case
Bynder RCE case study
Inconsistency to ACL bypass
Misa New Password
Misconfiguration to auth bypass
Log injection to RCE
Private bounty case
Amazon RCE case study
Path normalization bug leads to ACL bypass
Seam Feature
Code reuse bug leads to Expression Language injection
EL blacklist bypassed leads to Remote Code Execution
Mitigation
Summary


Taught by

Cooper

Related Courses

Certified Ethical Hacker (CEH) - Linux Academy's Prep Course (A Cloud Guru)
Advanced Python Scripting for Cybersecurity (Infosec via Coursera)
Introduction to IT Security (Akamai via Coursera)
Cyber Comp 1A (Cabrillo College via California Community Colleges System)
Ethical Hacking (Cabrillo College via California Community Colleges System)