• Home

  • Documents

  • Yahoo Zero-Day Vulnerability - Code Point of View
11
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Yahoo Zero-Day Vulnerability - Code Point of View Ebrahim Hegazy @Zigoo0 Cyber Security Analyst @Q-CERT [email protected] 12 April - 2014

Yahoo Zero-Day Vulnerability - Code Point of View

  • Upload
    tova

  • View
    21

  • Download
    1

Embed Size (px)

DESCRIPTION

Ebrahim Hegazy @Zigoo0 Cyber Security Analyst @Q-CERT [email protected]. Yahoo Zero-Day Vulnerability - Code Point of View. 12 April - 2014. Not this type of bugs!. Nor even This type Of hunting!. 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r - PowerPoint PPT Presentation

Citation preview

Page 1: Yahoo Zero-Day Vulnerability - Code Point of View

Copyright © The OWASP FoundationPermission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.

The OWASP Foundation

OWASP

http://www.owasp.org

Yahoo Zero-Day Vulnerability - Code Point of View

Ebrahim Hegazy@Zigoo0Cyber Security Analyst @[email protected]

12 April - 2014

Page 2: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP 2

Not this type of bugs!

Page 3: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Nor even This type Of hunting!

Page 4: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Page 5: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

1- Bug Bounty Programs.2- Remote Code Execution Vulnerability3- Live Example – WebPwn3r4- Demo Videos

Page 6: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Bug Bounty Programs

https://bugcrowd.com/list-of-bug-bounty-programs/

Page 7: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Remote Code Execution Vulnerability

Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.

Page 8: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Eval

Page 9: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

Live Example – WebPwn3r

Page 10: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP

4- Demo Videos

Page 11: Yahoo Zero-Day Vulnerability - Code Point of View

OWASP


Hypervisor Vulnerability Research - Alisa Esage: homepage · 2021. 1. 18. · Hypervisor Vulnerability Research State of the Art Alisa Esage Zero Day Engineering Special for POC x

Hypervisor Vulnerability Research - Alisa Esage: homepage · 2021. 1. 18. · Hypervisor Vulnerability Research State of the Art Alisa Esage Zero Day Engineering Special for POC x

Documents
Yahoo! PowerPoint Template, March 2013 · Yahoo 2016 Yahoo 2014 3 Confidential & Proprietary.Confidential & Proprietary. Innovation through Insights The view from Yahoo PRESENTED

Yahoo! PowerPoint Template, March 2013 · Yahoo 2016 Yahoo 2014 3 Confidential & Proprietary.Confidential & Proprietary. Innovation through Insights The view from Yahoo PRESENTED

Documents
Defending Your Workloads Against the Next Zero-Day Vulnerability

Defending Your Workloads Against the Next Zero-Day Vulnerability

Technology
ZooKeeper: Wait-free coordination for Internet-scale systems · Yahoo! Grid fphunt,mahadevg@yahoo-inc.com Flavio P. Junqueira and Benjamin Reed Yahoo! Research ffpj,breedg@yahoo-inc.com

ZooKeeper: Wait-free coordination for Internet-scale systems · Yahoo! Grid fphunt,[email protected] Flavio P. Junqueira and Benjamin Reed Yahoo! Research ffpj,[email protected]

Documents
Nate Koechley – natek@yahoo-inc.com Yahoo! vs. Yahoo!: Case Studies Nate Koechley Senior Engineer & Designer, Yahoo! User Interface (YUI) Library Team

Nate Koechley – [email protected] Yahoo! vs. Yahoo!: Case Studies Nate Koechley Senior Engineer & Designer, Yahoo! User Interface (YUI) Library Team

Documents
Yahoo! Acquires Inktomi March 19 th, 2003. Yahoo!

Yahoo! Acquires Inktomi March 19 th, 2003. Yahoo!

Documents
Yahoo! My Yahoo! Mail Make Y! Your

Yahoo! My Yahoo! Mail Make Y! Your

Documents
Internet Week Yahoo! Academy: Yahoo! Search Today and Tomorrow

Internet Week Yahoo! Academy: Yahoo! Search Today and Tomorrow

Technology
Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations Nate Koechley natek@yahoo-inc.com natek@yahoo-inc.com nate@koechley.com nate@koechley.com

Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations Nate Koechley [email protected] [email protected] [email protected] [email protected]

Documents
Yahoo vs Yahoo

Yahoo vs Yahoo

Documents
1 A Graph-Theoretic Approach to Webpage Segmentation Deepayan Chakrabarti (deepay@yahoo-inc.com)deepay@yahoo-inc.com Ravi Kumar (ravikuma@yahoo-inc.com)ravikuma@yahoo-inc.com

1 A Graph-Theoretic Approach to Webpage Segmentation Deepayan Chakrabarti ([email protected])[email protected] Ravi Kumar ([email protected])[email protected]

Documents
RAND Corp’s Zero Days, Thousands of Nights report €¦ · CHAPTER TWO More Discussion of Zero-Day Vulnerabilities ... Timing of Overlap Between When a Vulnerability Was Found by

RAND Corp’s Zero Days, Thousands of Nights report €¦ · CHAPTER TWO More Discussion of Zero-Day Vulnerabilities ... Timing of Overlap Between When a Vulnerability Was Found by

Documents
Yahoo Messenger Vulnerabilitymunzer/courses/INCS745/Project/Project1/Yahoo... · Contents Introduction. Overview on Yahoo Messenger Yahoo Messenger Registry Overview on Windows Architecture

Yahoo Messenger Vulnerabilitymunzer/courses/INCS745/Project/Project1/Yahoo... · Contents Introduction. Overview on Yahoo Messenger Yahoo Messenger Registry Overview on Windows Architecture

Documents
yahoo pipes - Larkinlarkin.net.au/resources/yahoo_pipes.pdf · Yahoo Pipes Introduction What is “Yahoo Pipes”? What are “Yahoo Pipes”? Yahoo Pipes is a web application from

yahoo pipes - Larkinlarkin.net.au/resources/yahoo_pipes.pdf · Yahoo Pipes Introduction What is “Yahoo Pipes”? What are “Yahoo Pipes”? Yahoo Pipes is a web application from

Documents
Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations

Yahoo! vs. Yahoo! Three Large-Scale Mainstream DHTML Implementations

Documents
Kent Landfield Director, Remediation Security Group€¦ · – Aggregate scan data for comprehensive remediation – Independent vulnerability assessments • Zero day vulnerability

Kent Landfield Director, Remediation Security Group€¦ · – Aggregate scan data for comprehensive remediation – Independent vulnerability assessments • Zero day vulnerability

Documents
Disable Adobe Flash Zero Day Vulnerability in Chrome, Firefox, IE

Disable Adobe Flash Zero Day Vulnerability in Chrome, Firefox, IE

Technology
Security Now! #708 - 04-02-19 Android Securityworldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability,

Security Now! #708 - 04-02-19 Android Securityworldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability,

Documents
Anatomy of a Responsible Disclosure Zero Day Vulnerability in Oracle BI Publisher by Vishal Karlo

Anatomy of a Responsible Disclosure Zero Day Vulnerability in Oracle BI Publisher by Vishal Karlo

Documents
Opportunity in Vulnerability - MergerTechmergertech.com/wp-content/uploads/2014/10/MergerTech-Security.pdfFacebook, Google, Yahoo, LinkedIn, Twitter, etc. ... Conventional practice

Opportunity in Vulnerability - MergerTechmergertech.com/wp-content/uploads/2014/10/MergerTech-Security.pdfFacebook, Google, Yahoo, LinkedIn, Twitter, etc. ... Conventional practice

Documents
Forgot/lost Yahoo mail Password- Yahoo Password Helper

Forgot/lost Yahoo mail Password- Yahoo Password Helper

Technology
Carlos Castillo, chato@yahoo-inc.com Debora Donato, debora@yahoo-inc.com Aristides Gionis, gionis@yahoo-inc.com Vanessa Murdock, vmurdock@yahoo-inc.com

Carlos Castillo, [email protected] Debora Donato, [email protected] Aristides Gionis, [email protected] Vanessa Murdock, [email protected]

Documents
Installation Instructions - Yahoo Instructions Model Number ZRB46 Zero Clearance Vented Gas Fireplace Heater Stock #’s: ZRB46N, ZRB46NE, ZRB46LP, ZRB46LPE Certified to: ANSI Z21.88-2009,

Installation Instructions - Yahoo Instructions Model Number ZRB46 Zero Clearance Vented Gas Fireplace Heater Stock #’s: ZRB46N, ZRB46NE, ZRB46LP, ZRB46LPE Certified to: ANSI Z21.88-2009,

Documents
emagazine.ncdrc.res.in€¦ · Vulnerability and Vulnerability Analysis Vulnerability Vulnerability is weakness or flaw in a system/application. Vulnerability Analysis Vulnerability

emagazine.ncdrc.res.in€¦ · Vulnerability and Vulnerability Analysis Vulnerability Vulnerability is weakness or flaw in a system/application. Vulnerability Analysis Vulnerability

Documents
Yahoo Groups Training November Meeting 2003. Yahoo Groups

Yahoo Groups Training November Meeting 2003. Yahoo Groups

Documents
HACKING UK TRIDENT - Cryptome · reconnaissance, enumeration and vulnerability scanning, weaponization (acquisition and preparation of tools), exploitation (including zero-day exploitation)

HACKING UK TRIDENT - Cryptome · reconnaissance, enumeration and vulnerability scanning, weaponization (acquisition and preparation of tools), exploitation (including zero-day exploitation)

Documents
Yamacraw-Yahoo Falls Backcountry Route Yahoo …...Yahoo Falls Scenic Area Yahoo Falls' Yahoo Arch Markers

Yamacraw-Yahoo Falls Backcountry Route Yahoo …...Yahoo Falls Scenic Area Yahoo Falls' Yahoo Arch Markers

Documents
Yahoo technical support | Yahoo 800 number

Yahoo technical support | Yahoo 800 number

Technology
At Owen O’Malley Yahoo! Grid Team owen@yahoo-inc.com

At Owen O’Malley Yahoo! Grid Team [email protected]

Documents
1 Yahoo! vs. Yahoo! Yahoo! Case Studies Across the DocApp Spectrum Nate Koechley: The Ajax Experience

1 Yahoo! vs. Yahoo! Yahoo! Case Studies Across the DocApp Spectrum Nate Koechley: The Ajax Experience

Documents