1. Web Uygulama Szma Testi zgr Web Teknolojileri Gnleri 13

2. root@intelrad:~$ whoami Mehmet Dursun NCE Pentest Lead at IntelRAD Zafiyet Aratrmacs White Hat Hacker Linux & OpenSource PHP, Python 3. ERK 1. 2. 3. 4.Saldr nasl gerekleir ? Yaanm rnekler ile Uygulama Zafiyetleri Veri taban davranlar Son 4. NPUT 5. OWASP 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.Injection Broken Authentication and Session Management Cross-Site Scripting (XSS) Insecure Direct Object References Security Misconfiguration Sensitive Data Exposure Missing Function Level Access Control Cross-Site Request Forgery (CSRF) Using Components with Known Vulnerabilities Unvalidated Redirects and Forwards 6. HTTP PROXY 7. INJECTION 8. Sql Injection Gerek Hayattan rnek http://sea.ebay.com/list.php?catid=36 9. Sql Injection Gerek Hayattan rnek 10. Sql Injection Gerek Hayattan rnek HTTP requestleri kullanclar tarafndan maniple edilebildiine gre; checkbox[]=2 #SELECT title,content FROM foo WHERE id = 2 Yerine checkbox[]=5 LIMIT 1,1 UNION ALL SELECT version() #SELECT title, content FROM foo WHERE id = 5 LIMIT 1,1 UNION SELECT version(),2 11. Sql Injection Gerek Hayattan rnek Tablo isimleri; phpcms_admin phpcms_admin_role phpcms_admin_role_priv phpcms_ads 12. SQLI UYGULAMA 13. HASHCAT 25 GPU 348 Milyar/sn 14. XSS Nedir ? www.site.com/search/?keyword=Mehmet 15. XSS Nedir ? www.site.com/search/?keyword= 16. XSS Gerek Hayattan rnek - 1 1. 2. 3. 4.From : @blabla.com To: victim@gmail.com victim@gmail.com sahibi mail.google.com adresine girer Fixed : 08.08.2013 17. XSS Gerek Hayattan rnek - 2 1.Dropbox zerinde '">.txt2. 3.Peki Linux zerinde touch komutu ile bu isimde dosya oluturulursa ? Facebook gruplarnda Dropbox zerinden dosya paylam yaplabilmektedir.4.Peki ya sonra... 18. XSS Gerek Hayattan rnek - 2Sonu: Grup yeleri olan tm kullanclarn tarayclarnda javascript kodu altrabilme yetkisi. 19. XSS UYGULAMA 20. Google Reflected XSS - 2 gn nce! 21. Google Reflected XSS - 2 gn nce! 22. XSS Gerek Hayattan rnek - 3 http://www.xyz.com/news/throw-pepper-sprey/#!prettyPhoto[gallery2]/0/ 23. XSS Gerek Hayattan rnek - 3 http://www.xyz.com/news/throw-pepper-sprey/#!prettyPhoto[gallery2]/>svg onload=alert(document.cookie)/ 24. XSS Gerek Hayattan rnek - 3 prettyPhoto javascript librarysi analiz edildiinde;NOT: Jquery 1.9.1 ncesi versiyonlar etkileyen jQuery zafiyeti. Frameworke -ok- gvenmek. 25. XSS Gerek Hayattan rnek - 3 3th party yazlm kullanan projeler; 107 adet projede XSS zafiyeti mevcut. 26. Xml eXternal Entity Nedir ? 27. Gerek Hayattan XXE rnei 28. XXE UYGULAMA 29. Yetki Hatalar www.test.com/fatura/aylik/1337 www.test.com/fatura/aylik/1338 30. Gerek Hayattan Yetki Hatalar https://ap.nokia.com/APPortalExt/mycompany/requests.aspx?id=26033 31. Gerek Hayattan Yetki Hatalar https://ap.nokia.com/APPortalExt/mycompany/requests.aspx?id=26029 32. Veritaban 33. Veritaban 34. Veritaban 35. Veritaban 36. Veritaban 37. Gerek Hayattan rnek 38. Gerek Hayattan rnekSonu TRUE dner. 39. Gerek Hayattan rnek 1. email VARCHAR (100); 2. Hacker sisteme aadaki mail adresi ile ye olur admin@abc.com 100 adet boluk AAAAAA 3. checkEmailAdresi methodu TRUE dner. 4. Hacker yazlm zerinde kendi ifresini deitirir. 5. Yazlm ifre gncellemesini user id yerine email adresine gre yapar. 6. Administratorun ve hackern ifresi updatelenir. 40. NERLER Web Programlama Dili Exploit-db.com E-Kitaplar; Kali ve Linuxe Giri [Turkish] Web Application Security #101 [Turkish] Source Code Analysis at Web Applications - I [Turkish] Source Code Analysis at Web Applications - II Web Application Hacker's Handbook 41. Teekkrler Mehmet Dursun INCE mehmet.ince@intelrad.com twitter.com/mmetinceTeekkrler : 1. Roy Castillo 2. Detectify 3. Vinesh Redkat 4. mkyong.com 5. Oren Hafif