XSSER: From XSS to RCE 3.0
Hans-Michael Varbaek
March 28, 2019
OWASP Copenhagen
Transcript
XSSER: From XSS to RCE 3.0 – OWASP Copenhagen Chapter, 28 March 2019
About me
➢ ISP Red Team – Copenhagen
➢ Presented at Black Hat Europe, Kiwicon, Hack in the Box, etc.
➢ Full-time security consultant career began in Sydney, Australia
Shodan: port:80
How many web servers globally?
➢ 85 million approximately (Shodan – Port:80)
How many of them run PHP?
➢ 8.1 million approximately (Shodan – PHP)
However..
What about virtual hosting?
➢ 1.4 billion websites
➢ 232 million unique domains
➢ 27 million websites running WordPress
That’s a lot more attack surface for adversaries (Netcraft March 2019 Survey)
Classic XSS Attacks
➢ Cookie Stealing
➢ Prevented by “HttpOnly” flag
➢ Defacements
➢ Phishing
➢ Session Hijacking (e.g. BeEF, XSSER, etc.)
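The slide above notes that the HttpOnly flag defeats cookie stealing, because script running in the page cannot read an HttpOnly cookie through document.cookie. The following is an added example, not part of the deck or of the XSSER project: a small audit helper that parses Set-Cookie header values and reports session-looking cookies that were issued without HttpOnly. The header values and the name heuristic (sess/token/auth/sid) are constructed for this example.

```javascript
// Added example (not from the deck): audit Set-Cookie headers for the
// HttpOnly flag, which stops script running in the page (e.g. via XSS)
// from reading the cookie through document.cookie.
// Cookie names and header values below are constructed sample data.

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute keys are lower-cased; flag attributes (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf('=');
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq).trim();
  const value = eq === -1 ? '' : nameValue.slice(eq + 1).trim();
  const attrs = {};
  for (const attr of attrParts) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? true : attr.slice(i + 1).trim();
    attrs[key] = val;
  }
  return { name, value, attrs };
}

// Return the names of cookies that look like session tokens but lack HttpOnly.
// The name heuristic is an assumption made for this example, not a standard.
function findExposedSessionCookies(setCookieHeaders) {
  const looksLikeSession = /sess|token|auth|sid/i;
  const exposed = [];
  for (const h of setCookieHeaders) {
    const c = parseSetCookie(h);
    if (looksLikeSession.test(c.name) && !c.attrs.httponly) {
      exposed.push(c.name);
    }
  }
  return exposed;
}

// Constructed sample response headers: one session cookie is correctly
// flagged, one is not, and one is a harmless preference cookie.
const SAMPLE_HEADERS = [
  'PHPSESSID=abc123; Path=/; HttpOnly; Secure',
  'auth_token=xyz789; Path=/; Secure',
  'theme=dark; Path=/',
];

console.log(findExposedSessionCookies(SAMPLE_HEADERS)); // → [ 'auth_token' ]
```

Note the limit of the mitigation, which is why the slide lists session hijacking as a separate item: HttpOnly prevents script from reading the cookie value, but script injected into the page can still issue requests that the browser sends with that cookie attached, so the flag narrows the impact of XSS rather than removing it.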
XSSER
XSSER: What and why?
➢ Can automate XSS attacks to obtain RCE
➢ Meant for educational purposes
➢ Fully open source and available on GitHub
Demo
References
https://github.com/Varbaek/xsser
https://shodan.io
https://news.netcraft.com/archives/category/web-server-survey/
Questions?