
Cocon-Server_side_javascript_Injection.pdf

Kavisha Sheth
November 17, 2021


Ever since its humble inception, JavaScript has gained a lot of traction in
the world of software development. What originally started as an experimental
language meant to increase responsiveness in the browser has evolved into a
full-fledged language with the capability to produce full-stack web
applications.
Web applications are everywhere, and easier, more cost-effective ways to build them are introduced constantly. A common omission among these new development and implementation techniques is security, and Node.js and NoSQL are no exception: various data leaks in recent years have been attributed to people leaving MongoDB and other NoSQL databases unsecured and accessible to anyone.
In this session, we will talk about
* What server-side JavaScript injection is
* An approach to finding server-side JavaScript injection
* What can be done with server-side JavaScript injection
* Why it is necessary to bring cyber awareness to individuals and organizations


Transcript

1. About me
   * Security analyst by profession
   * Listed as a security researcher by NCIIPC RVDP for finding issues in government websites
   * Infosec speaker; has spoken at national and international conferences such as OWASP, DEF CON Cloud Village, BSides, Null Ahmedabad and OWASP Bay Area
2. Agenda
   * Definition
   * Why are we discussing this?
   * How to find this vulnerability?
   * Exploit
   * Bonus tips
3. Server-side JavaScript injection
   "Server-side code injection vulnerabilities arise when an application incorporates user-controllable data into a string that is dynamically evaluated by a code interpreter. If the user data is not strictly validated, an attacker can use crafted input to modify the code to be executed, and inject arbitrary code that will be executed by the server."
4. Useful error messages
   A ReferenceError is a great indicator that we are injecting into a server-side JavaScript parser, but here the error indicates that response.end is not the correct response object name.
5. Manually detect server-side JavaScript injection with a timestamp
   After the payload, the response is delayed by at least 20 seconds. (Original request)
6. Mitigation
   * Validate user inputs on the server side before processing.
   * Use a whitelist of specific accepted values.
   * Do not use the eval() function to parse user inputs. Avoid other calls with a similar effect, such as setTimeout(), setInterval() and Function().
   * For parsing JSON input, instead of eval() use a safer alternative such as JSON.parse(). For type conversions use the type-specific parseXXX() methods (parseInt() method usage).
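The eval()-based parser the slide warns against, beside a hardened version built on JSON.parse(), a whitelist and parseInt(); this is an added example, not code from the deck, and the function names and request bodies are constructed for illustration.

```javascript
// Added example (not from the slides). Hypothetical helpers; request bodies are constructed.

// VULNERABLE: dynamically evaluates a user-controlled string. Anything that is valid
// JavaScript in the body runs on the server; this is the pattern behind server-side
// JavaScript injection, and a ReferenceError from it reveals the interpreter to the caller.
function parseBodyUnsafe(body) {
  return eval("(" + body + ")");
}

// Whitelist of accepted values for a field that ends up in a query.
const ALLOWED_SORT = new Set(["name", "date"]);

// HARDENED: JSON.parse() never executes code; every field is then whitelisted or
// converted with parseInt() and range-checked instead of being trusted.
function parseBodySafe(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    throw new Error("invalid JSON");
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    throw new Error("expected a JSON object");
  }
  if (typeof data.sort !== "string" || !ALLOWED_SORT.has(data.sort)) {
    throw new Error("sort value not in whitelist");
  }
  const limit = parseInt(data.limit, 10); // explicit radix, then bound the result
  if (!Number.isInteger(limit) || limit < 1 || limit > 100) {
    throw new Error("limit out of range");
  }
  return { sort: data.sort, limit };
}
```

The unsafe parser happily evaluates an expression such as `1+1`, while the hardened one rejects it as invalid JSON and only ever returns whitelisted, type-converted fields.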
7. Where else it can be found
   * Authentication mechanisms
   * Filters and limits
   * Anything that takes data from the request
8. Bonus tips
   * Recon techniques that might be helpful
   * Tools that help speed up the procedure
   * Approach
9. You have direct access to the database? Use the Mongoaudit tool, which helps test for security misconfigurations.
10. If you do not have direct access to the database, you are going to need to go through the web application.