Yahoo Zero-Day Vulnerability - Code Point of View

Preview:

Click to see full reader

DESCRIPTION

Ebrahim Hegazy @Zigoo0 Cyber Security Analyst @Q-CERT Ehegazy@qcert.org. Yahoo Zero-Day Vulnerability - Code Point of View. 12 April - 2014. Not this type of bugs!. Nor even This type Of hunting!. 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r - PowerPoint PPT Presentation

Citation preview

Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

OWASP

http://www.owasp.org

Yahoo Zero-Day Vulnerability - Code Point of View

Ebrahim Hegazy@Zigoo0Cyber Security Analyst @Q-CERTEhegazy@qcert.org

12 April - 2014

OWASP 2

Not this type of bugs!

OWASP

Nor even This type Of hunting!

OWASP

OWASP

1- Bug Bounty Programs.2- Remote Code Execution Vulnerability3- Live Example – WebPwn3r4- Demo Videos

OWASP

Bug Bounty Programs

https://bugcrowd.com/list-of-bug-bounty-programs/

OWASP

Remote Code Execution Vulnerability

Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.

OWASP

Eval

OWASP

Live Example – WebPwn3r

OWASP

4- Demo Videos

OWASP

Recommended

Yahoo! Search Jonathan Glick – Sr. Manager Yahoo! Search glickj@yahoo-inc.com Sept. 28, 2004
Documents
Defending your workloads against the next zero-day vulnerability 
Technology
Simplifying Mobile Development with Yahoo! Blueprint Ricardo Varela ricardov@yahoo-inc.com ricardov@yahoo-inc.com
Documents
Yahoo Groups Training November Meeting 2003. Yahoo Groups
Documents
Yahoo! PowerPoint Template, March 2013 · Yahoo 2016 Yahoo 2014 3 Confidential & Proprietary.Confidential & Proprietary. Innovation through Insights The view from Yahoo PRESENTED
Documents
Yahoo! ART FORCE€¦ · Yahoo! ART FORCE . Created Date: 20190710202025Z
Documents
How Secure is your Domain? Get Soliton’s vulnerability ......LinkedIn Twi er Yahoo! Dropbox NO Breach Incident Overview of Breaches Country Date Total Breaches # of Accounts Remarks
Documents
The Zero Moment of Memory - Yahoo
Marketing
[VULNERABILITY DISCLOSURE PROMOTING RESPONSIBLE€¦ · vulnerability research and discovery SINCE 20071 The Zero Day Initiative (ZDI) was founded in 2005 to encourage the responsible
Documents
Defending Your Workloads Against the Next Zero-Day Vulnerability
Technology
Anatomy of a Responsible Disclosure Zero Day Vulnerability in Oracle BI Publisher by Vishal Karlo
Documents
Yamacraw-Yahoo Falls Backcountry Route Yahoo …...Yahoo Falls Scenic Area Yahoo Falls' Yahoo Arch Markers
Documents
Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations Nate Koechley natek@yahoo-inc.com natek@yahoo-inc.com nate@koechley.com nate@koechley.com
Documents
Yahoo! Acquires Inktomi March 19 th, 2003. Yahoo!
Documents
yahoo pipes - Larkinlarkin.net.au/resources/yahoo_pipes.pdf · Yahoo Pipes Introduction What is “Yahoo Pipes”? What are “Yahoo Pipes”? Yahoo Pipes is a web application from
Documents
Exceptional Performance Evolution at Yahoo! Steve Souders Chief Performance Yahoo! souders@yahoo-inc.com
Documents
Yahoo technical support | Yahoo 800 number
Technology
Vulnerability Management V6 · Key Features of Vulnerability management system Security configuration management Web server hardening High risk software audits Port audits Zero-day
Documents
Carlos Castillo, chato@yahoo-inc.com Debora Donato, debora@yahoo-inc.com Aristides Gionis, gionis@yahoo-inc.com Vanessa Murdock, vmurdock@yahoo-inc.com
Documents
Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations
Documents