Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Yahoo Zero-Day Vulnerability - Code Point of View
Ebrahim Hegazy
@Zigoo0
Cyber Security Analyst @[email protected]
12 April - 2014
Not this type of bug!
Nor even this type of hunting!
1- Bug Bounty Programs
2- Remote Code Execution Vulnerability
3- Live Example – WebPwn3r
4- Demo Videos
Bug Bounty Programs
https://bugcrowd.com/list-of-bug-bounty-programs/
Remote Code Execution Vulnerability
Simply put, PHPCE occurs when user-supplied (GET/POST) parameter values are reflected inside the eval() function. The vulnerability allows attackers to execute PHP code such as {echo system("id")} or any other PHP function/code.
Eval
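The pattern described above, as an added example that is not code from the original slides: a hypothetical calculator function that passes a request value to eval(), next to a version that validates the input against a strict grammar and never calls eval(). The function names, the calculator scenario and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the calculator scenario are hypothetical.

// VULNERABLE: the request value becomes part of the PHP source that eval() runs,
// so any PHP the client sends in it is executed by the server.
// Defined here only for comparison; it is never called below.
function calc_vulnerable(string $expr)
{
    return eval('return ' . $expr . ';');
}

// HARDENED: no eval(). The input must match a strict grammar
// (number, operator, number) and is dispatched through an allow-list.
function calc_safe(string $expr): float
{
    $pattern = '/^\s*(-?\d+(?:\.\d+)?)\s*([-+*\/])\s*(-?\d+(?:\.\d+)?)\s*$/';
    if (!preg_match($pattern, $expr, $m)) {
        throw new InvalidArgumentException('expression rejected');
    }
    [$a, $op, $b] = [(float) $m[1], $m[2], (float) $m[3]];
    switch ($op) {
        case '+': return $a + $b;
        case '-': return $a - $b;
        case '*': return $a * $b;
        default:  // only '/' can reach this branch
            if ($b == 0.0) {
                throw new InvalidArgumentException('division by zero');
            }
            return $a / $b;
    }
}

// Constructed sample inputs: two benign values and the payload quoted on the slide.
$samples = ['2 + 3', '10 / 4', 'system("id")'];
foreach ($samples as $input) {
    try {
        printf("%-14s => %s\n", $input, calc_safe($input));
    } catch (InvalidArgumentException $e) {
        printf("%-14s => %s\n", $input, $e->getMessage());
    }
}
```

When reviewing PHP code for this class of bug, trace every eval() call back to its argument and confirm that no GET/POST value can reach it.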
Live Example – WebPwn3r
Demo Videos