Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Known Drupal Vulnerabilities and OWASP’s Top10
Search
andresriancho
May 18, 2016
Technology
0
250
Known Drupal Vulnerabilities and OWASP’s Top10
Prepared this talk for the Buenos Aires Drupal meetup
andresriancho
May 18, 2016
Tweet
Share
More Decks by andresriancho
See All by andresriancho
Step by step AWS Cloud Hacking
andresriancho
0
610
Step by step AWS Cloud Hacking
andresriancho
2
2.9k
Internet-Scale analysis of AWS Cognito Security
andresriancho
1
12k
Threat Modelling
andresriancho
0
1.4k
Automated Security Analysis AWS Clouds
andresriancho
1
3.2k
Injecting into URLs / Breaking URL-Encoding
andresriancho
0
240
Galería de Fallos en Unicornios
andresriancho
1
230
Esoteric Web Application Vulnerabilities
andresriancho
0
1k
String Compare Timing Attacks
andresriancho
0
580
Other Decks in Technology
See All in Technology
許しとアジャイル
jnuank
1
120
Function calling機能をPLaMo2に実装するには / PFN LLMセミナー
pfn
PRO
0
920
"複雑なデータ処理 × 静的サイト" を両立させる、楽をするRails運用 / A low-effort Rails workflow that combines “Complex Data Processing × Static Sites”
hogelog
3
1.9k
BirdCLEF+2025 Noir 5位解法紹介
myso
0
190
Pure Goで体験するWasmの未来
askua
1
180
KAGのLT会 #8 - 東京リージョンでGAしたAmazon Q in QuickSightを使って、報告用の資料を作ってみた
0air
0
200
コンテキストエンジニアリングとは? 考え方と応用方法
findy_eventslides
4
890
組織観点からIAM Identity CenterとIAMの設計を考える
nrinetcom
PRO
1
170
自作LLM Native GORM Pluginで実現する AI Agentバックテスト基盤構築
po3rin
2
250
FastAPIの魔法をgRPC/Connect RPCへ
monotaro
PRO
1
730
ACA でMAGI システムを社内で展開しようとした話
mappie_kochi
1
250
Large Vision Language Modelを用いた 文書画像データ化作業自動化の検証、運用 / shibuya_AI
sansan_randd
0
100
Featured
See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Scaling GitHub
holman
463
140k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
30
2.9k
GraphQLの誤解/rethinking-graphql
sonatard
73
11k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
How to Ace a Technical Interview
jacobian
280
24k
Six Lessons from altMBA
skipperchong
28
4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Making the Leap to Tech Lead
cromwellryan
135
9.5k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
A better future with KSS
kneath
239
17k
Transcript
None
▪ ▪ ▪ ▪ ▪ ▪
▪ ▪ ▪ ▪
▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪
None
None
▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪
▪ ▪ ▪
None
None
None
▪ ▪ ▪ ▪ ▪ ▪
▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪
String query = "select * from customers where group =
"; query += request.getParameter("group"); rowMapper = new RowMapper<Customer>() { @Override public Customer mapRow(ResultSet rs, int rowNum) throws SQLException { return new Customer(rs.getLong("id"), rs.getString("first_name"), rs.getString("group")); } }; jdbcTemplate.query(query, new Object[] {}, rowMapper); http://host.tld/customers?group=12
String query = "select * from customers where group =
" query += request.getParameter("group"); jdbcTemplate.query(query, new Object[] {}, rowMapper); http://host.tld/query?group=1 OR 1=1 SELECT * FROM customers where group=1 OR 1=1
None
None
▪ ▪
▪ ▪ … ▪ ▪ … ▪ ▪ ▪ ▪
▪ ▪ ▪
<html> <h1>Comentarios</h1> <h3>Hola!</h3> <p><script>alert("Controlado por el intruso")</script></p> </html>
None
/hello?name=<script>alert(‘xss’)</script> <p>Hi <script>alert(‘xss’)</script></p> @RequestMapping("/hello") @ResponseBody protected String handleHello(HttpServletRequest request){ String
name = request.getParameter("name"); return String.format(“<p>Hi %s</p>", name); }
/hello?name=<script>alert(‘xss’)</script> <p>Hi <script>alert("xss")</script></p> Hi <script>alert(‘xss’)</script> import org.springframework.web.util.HtmlUtils; @RequestMapping("/hello") @ResponseBody protected
String handleHello(HttpServletRequest request){ String name = request.getParameter("name"); return String.format("<p>Hi %s</p>", HtmlUtils.htmlEscape(name)); }
None
▪ ▪ ▪
▪ ▪ <img src=http://home-banking.com/transfer?dst=1234&amount=3>
None
None
▪ •
▪
None
▪ ▪
None
▪ ▪
▪ …
▪ ▪ if not has_authorization(user, action, object): raise AuthorizationException(user, action,
object) action(user, object)
None
▪ ▪ ▪ ▪
None
None