Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
XSSER: From XSS to RCE 3.0
Search
Hans-Michael Varbaek
March 28, 2019
Technology
0
150
XSSER: From XSS to RCE 3.0
OWASP Copenhagen
Hans-Michael Varbaek
March 28, 2019
Tweet
Share
More Decks by Hans-Michael Varbaek
See All by Hans-Michael Varbaek
Attack & Defense Methods
varbaek
0
37
Attack and Defense Methods for Traffic Light Systems
varbaek
0
24
So you want to be a pentester?
varbaek
2
1.4k
From XSS to RCE 2.5 - Alt33c3
varbaek
0
180
XSSing Your Way to Shell
varbaek
2
2k
Botnets of the Web – How to Hijack One
varbaek
1
240
Other Decks in Technology
See All in Technology
20250116_自部署内でAmazon Nova体験会をやってみた話
riz3f7
1
100
あなたの知らないクラフトビールの世界
miura55
0
120
.NET 最新アップデート ~ AI とクラウド時代のアプリモダナイゼーション
chack411
0
200
【JAWS-UG大阪 reInvent reCap LT大会 サンバが始まったら強制終了】“1分”で初めてのソロ参戦reInventを数字で振り返りながら反省する
ttelltte
0
140
#TRG24 / David Cuartielles / Post Open Source
tarugoconf
0
580
20250116_JAWS_Osaka
takuyay0ne
2
200
Amazon Route 53, 待ちに待った TLSAレコードのサポート開始
kenichinakamura
0
170
AWS re:Invent 2024 recap in 20min / JAWSUG 千葉 2025.1.14
shimy
1
100
Goで実践するBFP
hiroyaterui
1
120
「隙間家具OSS」に至る道/Fujiwara Tech Conference 2025
fujiwara3
7
6.4k
ABWGのRe:Cap!
hm5ug
1
120
データ基盤におけるIaCの重要性とその運用
mtpooh
4
500
Featured
See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
173
51k
Bash Introduction
62gerente
610
210k
GitHub's CSS Performance
jonrohan
1030
460k
Navigating Team Friction
lara
183
15k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
3
360
jQuery: Nuts, Bolts and Bling
dougneiner
62
7.6k
Designing Experiences People Love
moore
139
23k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3.1k
Fireside Chat
paigeccino
34
3.1k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
570
Transcript
XSSER: From XSS to RCE 3.0 OWASP Copenhagen Chapter 28
March 2019
About me ➢ ISP Red Team – Copenhagen ➢ Presented
at Black Hat Europe, Kiwicon, Hack in the Box, etc. ➢ Full-time security consultant career began in Sydney, Australia
Shodan: port:80
How many web servers globally? ➢ 85 million approximately (Shodan
– Port:80) How many of them run PHP? ➢ 8.1 million approximately (Shodan – PHP) However..
What about virtual hosting? ➢ 1.4 billion websites ➢ 232
million unique domains ➢ 27 million websites running WordPress That’s a lot more attack surface for adversaries (Netcraft March 2019 Survey)
Classic XSS Attacks ➢ Cookie Stealing ➢ Prevented by “HttpOnly”
flag ➢ Defacements ➢ Phishing ➢ Session Hijacking (e.g. BeEF, XSSER, etc.)
None
None
None
None
XSSER
XSSER What and why? ➢ Can automate XSS attacks to
obtain RCE ➢ Meant for educational purposes ➢ Fully open source and available on GitHub
Demo
References https://github.com/Varbaek/xsser https://shodan.io https://news.netcraft.com/archives/cat egory/web-server-survey/
Questions?
varbaek
riz3f7
miura55
chack411
ttelltte
tarugoconf
takuyay0ne
kenichinakamura
shimy
hiroyaterui
fujiwara3
hm5ug
mtpooh
soudai
62gerente
jonrohan
lara
tammyeverts
dougneiner
moore
thoeni
paigeccino
scottboms
destraynor
