Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Known Drupal Vulnerabilities and OWASP’s Top10

Avatar for andresriancho andresriancho
May 18, 2016
Technology
0
250

Known Drupal Vulnerabilities and OWASP’s Top10

Prepared this talk for the Buenos Aires Drupal meetup

Avatar for andresriancho

andresriancho

May 18, 2016
Tweet

More Decks by andresriancho

See All by andresriancho
Step by step AWS Cloud Hacking
Avatar for andresriancho andresriancho
0
620
Step by step AWS Cloud Hacking
Avatar for andresriancho andresriancho
2
2.9k
Internet-Scale analysis of AWS Cognito Security
Avatar for andresriancho andresriancho
1
12k
Threat Modelling
Avatar for andresriancho andresriancho
0
1.5k
Automated Security Analysis AWS Clouds
Avatar for andresriancho andresriancho
1
3.3k
Injecting into URLs / Breaking URL-Encoding
Avatar for andresriancho andresriancho
0
250
Galería de Fallos en Unicornios
Avatar for andresriancho andresriancho
1
240
Esoteric Web Application Vulnerabilities
Avatar for andresriancho andresriancho
0
1.1k
String Compare Timing Attacks
Avatar for andresriancho andresriancho
0
610

Other Decks in Technology

See All in Technology
身近なCSVを活用する!AWSのデータ分析基盤アーキテクチャ
Avatar for Kotaro.S koosun
0
1.8k
Proxmox × HCP Terraformで始めるお家プライベートクラウド
Avatar for Lamaglama39 lamaglama39
1
210
re:Invent完全攻略ガイド
Avatar for JunjiKoide junjikoide
1
390
AIと自動化がもたらす業務効率化の実例: 反社チェック等の調査・業務プロセス自動化
Avatar for enpipi enpipi
0
660
「O(n log(n))のパフォーマンス」の意味がわかるようになろう
Avatar for dhirabayashi dhirabayashi
0
190
生成AIではじめるテスト駆動開発
Avatar for puku0x puku0x
0
130
JavaScript パーサーに using 対応をする過程で与えたエコシステムへの影響
Avatar for Yuichiro Yamashita baseballyama
1
110
旧から新へ: 大規模ウェブクローラの Perl から Go への移行 / YAPC::Fukuoka 2025
Avatar for motemen motemen
3
1k
スタートアップの事業成長を支えるアーキテクチャとエンジニアリング
Avatar for どら doragt
0
570
Kubernetesと共にふりかえる! エンタープライズシステムのインフラ設計・テストの進め方大全
Avatar for 高棹大樹 daitak
0
370
AIでテストプロセスを自動化しよう251113.pdf
Avatar for K_SAK sakatakazunori
1
230
LINEヤフー バックエンド組織・体制の紹介
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
810

Featured

See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
253
22k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.2k
A better future with KSS
Avatar for Kyle Neath kneath
239
18k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.5k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Side Projects
Avatar for Sacha Greif sachag
455
43k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.7k
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.9k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k

Transcript

  1. None

  2. ▪ ▪ ▪ ▪ ▪ ▪

  3. ▪ ▪ ▪ ▪

  4. ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪

  5. None
  6. None

  7. ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪

  8. ▪ ▪ ▪

  9. None
  10. None
  11. None

  12. ▪ ▪ ▪ ▪ ▪ ▪

  13. ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪

  14. String query = "select * from customers where group =

    "; query += request.getParameter("group"); rowMapper = new RowMapper<Customer>() { @Override public Customer mapRow(ResultSet rs, int rowNum) throws SQLException { return new Customer(rs.getLong("id"), rs.getString("first_name"), rs.getString("group")); } }; jdbcTemplate.query(query, new Object[] {}, rowMapper); http://host.tld/customers?group=12

  15. String query = "select * from customers where group =

    " query += request.getParameter("group"); jdbcTemplate.query(query, new Object[] {}, rowMapper); http://host.tld/query?group=1 OR 1=1 SELECT * FROM customers where group=1 OR 1=1
  16. None
  17. None

  18. ▪ ▪

  19. ▪ ▪ … ▪ ▪ … ▪ ▪ ▪ ▪

  20. ▪ ▪ ▪

  21. <html> <h1>Comentarios</h1> <h3>Hola!</h3> <p><script>alert("Controlado por el intruso")</script></p> </html>

  22. None

  23. /hello?name=<script>alert(‘xss’)</script> <p>Hi <script>alert(‘xss’)</script></p> @RequestMapping("/hello") @ResponseBody protected String handleHello(HttpServletRequest request){ String

    name = request.getParameter("name"); return String.format(“<p>Hi %s</p>", name); }

  24. /hello?name=<script>alert(‘xss’)</script> <p>Hi &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;</p> Hi <script>alert(‘xss’)</script> import org.springframework.web.util.HtmlUtils; @RequestMapping("/hello") @ResponseBody protected

    String handleHello(HttpServletRequest request){ String name = request.getParameter("name"); return String.format("<p>Hi %s</p>", HtmlUtils.htmlEscape(name)); }
  25. None

  26. ▪ ▪ ▪

  27. ▪ ▪ <img src=http://home-banking.com/transfer?dst=1234&amount=3>

  28. None
  29. None

  30. ▪ •

  32. None

  33. ▪ ▪

  34. None

  35. ▪ ▪

  36. ▪ …

  37. ▪ ▪ if not has_authorization(user, action, object): raise AuthorizationException(user, action,

    object) action(user, object)
  38. None

  39. ▪ ▪ ▪ ▪

  40. None
  41. None