Known Drupal Vulnerabilities and OWASP’s Top10
andresriancho
May 18, 2016
Prepared this talk for the Buenos Aires Drupal meetup
Transcript
```java
// Request parameter concatenated straight into the SQL text
String query = "select * from customers where group = ";
query += request.getParameter("group");

rowMapper = new RowMapper<Customer>() {
    @Override
    public Customer mapRow(ResultSet rs, int rowNum) throws SQLException {
        return new Customer(rs.getLong("id"),
                            rs.getString("first_name"),
                            rs.getString("group"));
    }
};

jdbcTemplate.query(query, new Object[] {}, rowMapper);
```

http://host.tld/customers?group=12

```java
String query = "select * from customers where group = ";
query += request.getParameter("group");
jdbcTemplate.query(query, new Object[] {}, rowMapper);
```

http://host.tld/query?group=1 OR 1=1

SELECT * FROM customers where group=1 OR 1=1
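The concatenation above beside its parameterized fix, as an added example written in Python with sqlite3 rather than the deck's Java/Spring code (it is not code from the talk or from Drupal); the customers rows and the handle_request helper are constructed for the demo:

```python
import sqlite3

# Constructed sample rows standing in for the deck's "customers" table
# (id, first_name, group). "group" is quoted because it is an SQL keyword.
CUSTOMERS = [
    (1, "ana", 1),
    (2, "bruno", 1),
    (3, "carla", 2),
    (4, "diego", 3),
]


def open_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE customers (id INTEGER, first_name TEXT, "group" INTEGER)')
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def customers_concat(conn, group):
    """The slide's pattern: the request parameter is glued onto the SQL text,
    so whatever the client sends becomes part of the statement."""
    query = 'select * from customers where "group" = ' + group
    return conn.execute(query).fetchall()


def customers_param(conn, group):
    """Hardened form: a placeholder binds the parameter as a value. The
    driver never lets it alter the statement, so "1 OR 1=1" is just a
    string that matches no integer group."""
    query = 'select * from customers where "group" = ?'
    return conn.execute(query, (group,)).fetchall()


def handle_request(conn, group_param):
    """Request-handler equivalent: validate the type first (400 on junk),
    then run only the parameterized query. Returns (status, rows)."""
    try:
        group_id = int(group_param)
    except ValueError:
        return 400, []
    return 200, customers_param(conn, group_id)
```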
```html
<html>
<h1>Comentarios</h1>
<h3>Hola!</h3>
<p><script>alert("Controlado por el intruso")</script></p>
</html>
```
/hello?name=<script>alert('xss')</script>

<p>Hi <script>alert('xss')</script></p>

```java
@RequestMapping("/hello")
@ResponseBody
protected String handleHello(HttpServletRequest request) {
    String name = request.getParameter("name");
    // the parameter is written into the HTML unescaped
    return String.format("<p>Hi %s</p>", name);
}
```

/hello?name=<script>alert('xss')</script>

<p>Hi <script>alert("xss")</script></p>

Hi <script>alert('xss')</script>

```java
import org.springframework.web.util.HtmlUtils;

@RequestMapping("/hello")
@ResponseBody
protected String handleHello(HttpServletRequest request) {
    String name = request.getParameter("name");
    // HTML-escape the parameter before placing it in the response
    return String.format("<p>Hi %s</p>", HtmlUtils.htmlEscape(name));
}
```
```html
<img src=http://home-banking.com/transfer?dst=1234&amount=3>
```
```python
if not has_authorization(user, action, object):
    raise AuthorizationException(user, action, object)
action(user, object)
```