Play all

Intro

Orange Tsai

Agenda

Polyglot URL path

Why path normalization

Can you spot the vulnerability?

Nginx off-by-slash fail

How to find this problem?

Spring Oday - CVE-2018-1271

Bonus on Spark framework

Rails Oday - CVE-2018-3760

For the RCE lover

URL path parameter

When reverse proxy meets...

How danger it could be?

Uber bounty case

Bynder RCE case study

Inconsistency to ACL bypass

Misa New Password

Misconfiguration to auth bypass

Log injection to RCE

Private bounty case

Amazon RCE case study

Path normalization bug leads to ACL bypass

Seam Feature

Code reuse bug leads to Expression Language injection

EL blacklist bypassed leads to Remote Code Execution

Mitigation

Summary

Description:

Explore path normalization vulnerabilities and their exploitation in this conference talk from Hack.lu 2018. Delve into various case studies, including Nginx off-by-slash failures, Spring and Rails 0days, and RCE vulnerabilities in Uber and Amazon. Learn about polyglot URL paths, spotting vulnerabilities, and techniques for finding these issues. Examine the dangers of reverse proxy interactions, ACL bypasses through inconsistencies, and authentication bypasses via misconfigurations. Discover how log injection can lead to RCE and how code reuse bugs can result in Expression Language injection. Gain insights into mitigation strategies and summarize key takeaways for improving web application security.

Take Your Path Normalization Off and Pop 0days Out

Cooper

Add to list

#Conference Talks #Hack.lu #Information Security (InfoSec) #Ethical Hacking #Penetration Testing #Remote Code Execution (RCE) #Cybersecurity #Web Security #Computer Science #Reverse Proxies

0:00 / 0:00