NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Mitigating SQL Injection Attacks on Legacy Web Applications
You shall not pass: Mitigating SQL Injection Attacks on Legacy Web Applications Rasoul Jahanshahi Adam Doupé Manuel Egele [email protected] [email protected] [email protected] Boston University Arizona State University Boston University ABSTRACT four most popular web apps (i.e., Wordpress, Joomla, Drupal, and SQL injection (SQLi) attacks pose a significant threat to the security Magento) increased by 267% compared to the prior year. of web applications. Existing approaches do not support object- There has been a great deal of research into identifying SQLi oriented programming that renders these approaches unable to vulnerabilities and defending against SQLi attacks on web apps. protect the real-world web apps such as Wordpress, Joomla, or Proposed approaches used various techniques such as static anal- Drupal against SQLi attacks. ysis [10, 11, 20, 22, 35], dynamic analysis [3, 6, 15, 21, 24, 25, 37], We propose a novel hybrid static-dynamic analysis for PHP or a mix of static-dynamic analysis [5, 17, 28]. While static analy- web applications that limits each PHP function for accessing the sis approaches can be promising, static analysis cannot determine database. Our tool, SQLBlock, reduces the attack surface of the whether input sanitization is performed correctly or not [34]. If the vulnerable PHP functions in a web application to a set of query sanitization function does not properly sanitize user-input, SQLi descriptors that demonstrate the benign functionality of the PHP attacks can still happen. Moreover, to the best of our knowledge, function. prior static analysis approaches for finding SQLi vulnerabilities in We implement SQLBlock as a plugin for MySQL and PHP. -
Emotions and Performance in Virtual Worlds
EMOTIONSANDPERFORMANCEINVIRTUAL WORLDS An Empirical Study in the Presence of Missing Data Inauguraldissertation zur Erlangung des Doktorgrades der Wirtschafts- und Sozialwissenschaftlichen Fakultät der Universität zu Köln 2015 vorgelegt von Diplom-Informatikerin Sabrina Schiele aus Duisburg Referent: Prof. Dr. Detlef Schoder Koreferent: Prof. Dr. Claudia Loebbecke Datum der Promotion: 27.11.2015 EMOTIONSANDPERFORMANCEINVIRTUALWORLDS sabrina schiele Department of Information Systems and Information Management Faculty of Management, Economics and Social Sciences University of Cologne Sabrina Schiele: Emotions and Performance in Virtual Worlds, An Em- pirical Study in the Presence of Missing Data, 2015 To Gregor, who supported all of my decisions and always found the right words to keep me going in times of despair. ABSTRACT In this work, we first investigate characteristics of virtual worlds and de- termine important situational variables concerning virtual world usage. Moreover, we develop a model which relates individual differences of vir- tual world users, namely emotional and cognitive abilities, experiences with virtual worlds as a child, and the level of cognitive absorption per- ceived during virtual world use, to the users’ individual performance in virtual worlds. We further test our model with observed data from 4,048 study participants. Our results suggest that cognitive ability, childhood media experience, and cognitive absorption influence multiple facets of emotional capabilities, which in turn have a varyingly strong effect on virtual world performance among different groups. Notably, in the present study, the effect of emotional capabilities on performance was stronger for users which prefer virtual worlds that have more emotional content and require more social and strategic skills, particularly related to human behavior. -
4PSA Integrator 3.5.0 for Plesk 8.2.0 and Newer Versions User's Guide
4PSA Integrator 3.5.0 for Plesk 8.2.0 and newer versions User's Guide For more information about 4PSA Integrator, check: http://www.4psa.com Copyright © 2011 Rack-Soft. 4PSA is a registered trademark of Rack-Soft, Inc. User's Guide Manual Version 77015.19 at 2011/02/14 17:48:20 For suggestions regarding this manual contact: [email protected] Copyright © 2011 Rack-Soft. 4PSA is a registered trademark of Rack-Soft, Inc. All rights reserved. Distribution of this work or derivative of this work is prohibited unless prior written permission is obtained from the copyright holder. Plesk is a Registered Trademark of Parallels, Inc. Linux is a Registered Trademark of Linus Torvalds. RedHat is a Registered Trademark of Red Hat Software, Inc. FreeBSD is a Registered Trademark of FreeBSD, Inc. All other trademarks and copyrights are property of their respective owners. Table of Contents Preface ................................................................................................. 5 Who Should Read This Guide ....................................................................... 5 Chapter 1. The Administrator Module ....................................................... 6 1. Manage Tools for Domains ...................................................................... 7 Tools for a Domain ................................................................................ 7 Installing Tools on a Server ..................................................................... 8 Installation Report .............................................................................. -
Snuffleupagus Documentation
Snuffleupagus Documentation Release stable Sebastien Blot & Julien Voisin Aug 29, 2021 Contents 1 Documentation 3 1.1 Features..................................................3 1.2 Installation................................................ 11 1.3 Configuration............................................... 14 1.4 Download................................................. 22 1.5 Changelog................................................ 23 1.6 FAQ.................................................... 29 1.7 Propaganda................................................ 33 1.8 Cookies.................................................. 35 2 Greetings 39 i ii Snuffleupagus Documentation, Release stable Snuffleupagus is a PHP7+ and PHP8+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code. Contents 1 Snuffleupagus Documentation, Release stable 2 Contents CHAPTER 1 Documentation 1.1 Features Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes killers and virtual-patching. The first category provides primitives to kill various bug families (like arbitrary code execution via unserialize for example) or raise the cost of exploitation. The second category is a highly configurable system to patch functions in php itself. 1.1.1 Bug classes killed or mitigated system injections The system function executes an external -
Arxiv:2102.03131V1 [Cs.CR] 5 Feb 2021 Extensions Are Available Within Systems Like Wordpress Or Called Joomla
Over 100 Bugs in a Row: Security Analysis of the Top-Rated Joomla Extensions Marcus Niemietz, Mario Korth, Christian Mainka, Juraj Somorovsky fi[email protected] Hackmanit GmbH Abstract like WordPress and Joomla. There exists a family of tools Nearly every second website is using a Content Manage- which, inter alia, allow researchers and penetration testers to ment System (CMS) such as WordPress, Drupal, and Joomla. scan CMS software (e.g., WPScan [4], JoomScan [10]) for These systems help to create and modify digital data, typically well-known issues. Although community-based projects like within a collaborative environment. One common feature is to Joomla make use of tools like static source code scanners, it enrich their functionality by using extensions. Popular exten- seems to be a non-trivial task to detect well-known vulnerabil- sions allow developers to easily include payment gateways, ities such as XSS and SQLi, as shown by security researches backup tools, and social media components. multiple times [29]. To provide an example, Joomla intro- Due to the extended functionality, it is not surprising that duced the usage of the code analysis tool RIPS in June 2018 such an expansion of complexity implies a bigger attack sur- [7, 16]. Although RIPS is explicitly designed to detect web face. In contrast to CMS core systems, extensions are usu- vulnerabilities like XSS, Joomla has officially announced 30 ally not considered during public security audits. However, security vulnerabilities within the first half year of 2019, and a Cross-Site Scripting (XSS) or SQL injection (SQLi) at- 12 of them were XSS issues [17]. -
Ubuntu Server Guide Ubuntu Server Guide Copyright © 2010 Canonical Ltd
Ubuntu Server Guide Ubuntu Server Guide Copyright © 2010 Canonical Ltd. and members of the Ubuntu Documentation Project3 Abstract Welcome to the Ubuntu Server Guide! It contains information on how to install and configure various server applications on your Ubuntu system to fit your needs. It is a step-by-step, task-oriented guide for configuring and customizing your system. Credits and License This document is maintained by the Ubuntu documentation team (https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see the contributors page1 This document is made available under the Creative Commons ShareAlike 2.5 License (CC-BY-SA). You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of this license. All derivative works must be released under this license. This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER. A copy of the license is available here: Creative Commons ShareAlike License2. 3 https://launchpad.net/~ubuntu-core-doc 1 ../../libs/C/contributors.xml 2 /usr/share/ubuntu-docs/libs/C/ccbysa.xml Table of Contents 1. Introduction ........................................................................................................................... 1 1. Support .......................................................................................................................... 2 2. Installation ............................................................................................................................ -
Snuffleupagus
» SnuFfLEupAGus A ghostly elephant, in your php stack, killing bug classes, defeating attacks, and virtual-patching what is remaining. 1 / 106 » Bonjour 2 / 106 » I'm sorry 3 / 106 » Good evening We're glad to be here We're working at the same (French¹) company In the security team. It's called NBS System And it's a hosting company, you know, for websites. ¹ Hence our lovely accent. 4 / 106 » What are we trying to solve? We're hosting a lot of various php applications, using CMS written by super- duper creative people, and we'd like to prevent our customers from being pwned. 5 / 106 » What we were doing so far We have a lot of os-level hardening (grsecurity ♥) We have some custom IDS We have a (cool) WAF called naxsi But not everything is patchable with those, and we can not² touch the PHP code. ¹ And to be honest, we don't want to. 6 / 106 » Some words about php Its syntax draws upon C, Java, and Perl, and is easy to learn. The main goal of the language is to allow web developers to write dynamically generated web pages quickly, but you can do much more with PHP. — the php documentation 7 / 106 » Still words about php Well, there were other factors in play there. htmlspecialchars was a very early function. Back when PHP had less than 100 functions and the function hashing mechanism was strlen(). In order to get a nice hash distribution of function names across the various function name lengths names were picked specifically to make them fit into a specific length bucket. -
Google Summer of Code Application 2010
Google Summer of Code Application 2010 Project Idea: File Upload question type Abhinav Chittora Education : Graduation (B. Tech) 8th Semester Major : Information Technology College : Engineering College Bikaner Table of Contents: 1. Contact Information 2. Project Outline i. How we are going to upload files? ii. Where we are going to store uploaded files? iii. Configuration Options for Questions iv. Administer Roles? v. Data Entry/ Statistics/ Printable Survey/ Response Browsing/ Response Editing, how? vi. Third Party processing hooks? vii. Any thing else? 3. How will limesurvey benefit from the project? 4. Time line 5. Experience in Open Source development 6. Project related experience 7. Academic Experience 8. Why Limesurvey? 9. References & Important Links Contact Information: Name : Abhinav Chittora Email Id : bijolianabhi[at]gmail[dot]com IRC Nick : Abhinav1 IM & user id : Google Talk ( [email protected]) & Skype (bijolianabhi) Location : Bikaner ( India) Time Zone : IST (UTC + 05:30) Phone No. : +91 9460351625 Blog Address : http://experiencesoc.wordpress.com (Blog to show Google Summer of code Progress) Project Outline: Limesurvey, The Open Source Survey Application has been working in Open Source field since February 20, 2003. In its early days it was called PHPSurveyor. Limesurvey has proposed many idea for Google Summer of Code 2010. File Upload Question Type is one of them and I found myself capable to complete this project. File uploading is the main task that should be done carefully. Uploaded files should be stored at server according to survey. For this we have to note these points: - 1. How we are going to upload files? Ans: We can upload files using CakePHP with model and without model. -
A Static Vulnerability Analysis Tool for PHP
PHPWander: A Static Vulnerability Analysis Tool for PHP Pavel Jurásek Thesis submitted for the degree of Master in Informatics: Programming and Networks 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Spring 2018 PHPWander: A Static Vulnerability Analysis Tool for PHP Pavel Jurásek © 2018 Pavel Jurásek PHPWander: A Static Vulnerability Analysis Tool for PHP http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo PHPWander: A Static Vulnerability Analysis Tool for PHP Pavel Jurásek 16th May 2018 ii Contents 1 Introduction 1 I Background 3 2 Security vulnerabilities 5 2.1 Injections . .5 2.2 Cross-site scripting (XSS) . .6 2.3 Command injection . .7 2.4 Code injection . .7 2.5 Path traversal . .8 2.6 Other vulnerabilities . .8 3 PHP Language 9 3.1 History and description . .9 3.2 Typing . .9 3.3 Predefined variables . 10 3.4 Object-oriented aspects in PHP . 10 3.5 Class autoloading . 11 4 Static analysis 13 4.1 Data flow analysis . 13 4.2 Taint analysis . 14 4.2.1 Tainting method . 14 4.2.2 Control flow graphs . 14 4.3 Data flow sensitivities . 15 4.3.1 Flow sensitivity . 15 4.3.2 Context sensitivity . 16 4.4 SSA form . 16 4.5 Static analysis tools for PHP . 17 4.5.1 Code improvement tools . 17 4.5.2 Security checking tools . 18 II Development 19 5 Development phase 21 5.1 Architecture . 21 iii 5.2 Design decisions . 21 5.2.1 Configuration . 21 5.2.2 Software foundations . 23 5.2.3 Implementation details . -
Manual for Internet-Based Surveys of Drug Treatment Facilities with the European Facility Survey Questionnaire
Manual for internet-based surveys of drug treatment facilities with the European Facility Survey Questionnaire March 2017 Table of Contents: 1. Introduction .......................................................................................................................... 3 1.1. Selection and set up of the survey platform ................................................................... 3 1.2. Import and set up of the EFSQ questionnaire ................................................................ 4 1.3. Translation of the questionnaire .................................................................................... 4 1.4. Survey management ..................................................................................................... 4 1.5. Managing contacts and invitations ................................................................................. 5 1.6. Result management and exports ................................................................................... 6 2. Running the EFSQ in LimeSurvey© ...................................................................................... 7 2.1. Installation of LimeSurvey© ............................................................................................ 7 2.2. Import and set up of the questionnaire .......................................................................... 8 2.3. Translation of the questionnaire .................................................................................... 9 2.4. Survey management .................................................................................................. -
Manual De Usuario De "Limesurvey"
Este documento ha sido elaborado utilizando plenamente software libre Autor: Carlos Juan Martín Pérez Versión del documento 1.0: Julio de 2008 Versión del documento 1.1: Octubre de 2008 Versión del documento 1.2: Diciembre de 2008 Versión del documento 2.0: Enero de 2009 Base de datos y Sistema de Evaluación e Investigación SIRESCA Índice de contenido Preámbulo............................................................................................5 Capítulo I. Base de Datos.....................................................................7 I. Introducción............................................................................................8 I.1. Acceso inicial.......................................................................................9 I.2. Secciones del Sistema........................................................................10 I.2. Directorio...........................................................................................11 I.3. Datos generales.................................................................................12 I.4. Oferta académica...............................................................................16 I.5. Terminología......................................................................................18 I.6. Acceso para Miembros.......................................................................19 Capítulo II. Sistema de Evaluación e Investigación............................21 II. Introducción.........................................................................................22 -
CSE 361: Web Security CSRF, XSSI, SRI, and Sandboxing
CSE 361: Web Security CSRF, XSSI, SRI, and Sandboxing Nick Nikiforakis CSRF (Sea Surf) 3 Regular Web site usage Behind the scenes https://acmebank.com <form method=“POST” target=https://acmebank.com/transfer> <input type=“text” name=“acct-to”> <input type=“text” name=“amount”> <input type=“submit”> </form> 123-456-789 $50 Transfer OK 4 Forcing browser to perform an action for the attacker http://kittenpics.org <form method="POST" action="https://acmebank.com/transfer" id="transfer"> Processing <input type="hidden" name="act-to" value="987-654-3210"> transaction <input type="hidden" name="amount" value="100000"> </form> <script> transfer.submit() </script> 5 Cross-Site Request Forgery (CSRF / "Sea Surf") • Web application does not ensure that state-changing request came from "within" the application itself • Attack works for GET ... • Image tag with src attribute: <img src="https://acmebank.com/transfer?to=attacker&amount=10000"> • Hidden iframes, css files, scripts, ... • and POST • create iframe (or pop-up window) • fill created viewport with prefilled form • submit form 6 CSRF Examples: digg.com (2006) • digg.com determines frontpage based on how many "diggs" a story gets • vulnerable against CSRF, could be used to digg an URL of the attacker's choosing • Guess which article made it to the front page... 7 CSRF Example: WordPress < 2.06 (2007) • WordPress theme editor was susceptible • WordPress themes are PHP files • Attacker could modify files when logged-in admin visited his page • arbitrary code execution on targeted page 8 CSRF Example: Gmail filters (2007) • Google Mail insufficiently protected against CSRF • Attacker could add mail filters • e.g., forward all emails to a certain address • According to a victim, this led to a domain takeover • Attacker adds redirect filter • Attacker request AUTH code for domain transfer • Voila • Actually, this incident occurred after the bug was fixed..