• Home

  • Documents

  • Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control”...
24
Everything you know about Injection Attack is Wrong Pravir Chandra Bloomberg [email protected]

Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Everything you know about Injection Attack is Wrong

Pravir Chandra Bloomberg

[email protected]

Page 2: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

SQL Injection

Page 3: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

SQL Injection

Page 4: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l
Page 5: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Prepared Statement

Page 6: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Now what?

Page 7: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Input Validation!!!

Page 8: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Input Validation???

Page 9: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Input Validation

Page 10: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Cross Site Scripting

Page 11: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XSS – HTML

Page 12: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XSS – Attribute

Page 13: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XSS – CSS

Page 14: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XSS – Javascript

Page 15: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XSS – URL

Page 16: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

So what’s the real problem here?

Page 17: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l
Page 18: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

LDAP Injection

Malicious Input: foo (| (objectclass=*))

Page 19: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

XPath Injection

Malicious Input: ’ or 1=1 or ‘’=‘

Page 20: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Log Injection

Malicious Input: abc\nUser “admin” logged in successfully

Page 21: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

So how do we prevent it?

Page 22: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Protect output contexts by design

Output

Assembler

Known-Safe

Output Value

HTML Encoder

Escaping Function

...

Parameterization

Logic

Untrusted

Input Value(s)

Output Template

Where the API isn’t given by your platforms/libraries, BUILD IT!

Page 23: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Expose “control” resources indirectly

Internal Reference Map

Direct

References (real resource

names)

Indirect

References(random,

unguessable)

Client's Value Services

Database

...

Page 24: Everything you know about Injection Attack is Wrong · 2020-01-17 · Expose “control” resources indirectly I n te rn a l R e fe re n ce Ma p D ire ct R e fe re n ce s (re a l

Thanks for your time!

Pravir Chandra

[email protected]


FE Review - Fluids - Spring 2013 - handout...Circular Pipe Flow Open Channel Re < 500 laminar flow 500 < Re < 2000 transition region Re > 2000 turbulent flow FE Fluids

FE Review - Fluids - Spring 2013 - handout...Circular Pipe Flow Open Channel Re < 500 laminar flow 500 < Re < 2000 transition region Re > 2000 turbulent flow FE Fluids

Documents
ACTA DE PRESENTACIÓN Y APERTURA DE PROPUESTAS … · 2017. 11. 9. · hora y fe cha: 10: 00 hrs. de l d ía 9 de n ov ie m bre de 2017 lpe-n26-2017 tie mpo de tod os re fe re n te

ACTA DE PRESENTACIÓN Y APERTURA DE PROPUESTAS … · 2017. 11. 9. · hora y fe cha: 10: 00 hrs. de l d ía 9 de n ov ie m bre de 2017 lpe-n26-2017 tie mpo de tod os re fe re n te

Documents
E x p e r i e n c e t h e w o r l d i n d i f fe re n t d ... · E x p e r i e n c e t h e w o r l d i n d i f fe re n t d i m e n s i o n s . In Google Earth it is possible to explore

E x p e r i e n c e t h e w o r l d i n d i f fe re n t d ... · E x p e r i e n c e t h e w o r l d i n d i f fe re n t d i m e n s i o n s . In Google Earth it is possible to explore

Documents
M a n u a l d e re fe re n cia s i70 - Azimut Marine...3.2Controlesdelinstrumento Funcionesyesquemadelcontrol. N O P 4 D12065-1 Elemento Descripción 1. BOTÓNDELAIZQUIERDA Encendido,Brillo,Cancelar,Atrás

M a n u a l d e re fe re n cia s i70 - Azimut Marine...3.2Controlesdelinstrumento Funcionesyesquemadelcontrol. N O P 4 D12065-1 Elemento Descripción 1. BOTÓNDELAIZQUIERDA Encendido,Brillo,Cancelar,Atrás

Documents
Viviendo Nuestra Fe N°4

Viviendo Nuestra Fe N°4

Documents
Mandalay Bay Convention Document Level One …...2015/10/02  · BAYSIDE D BAYSIDE C BAYSIDE B BAYSIDE A FOOD COURT LOADING DOCK SOUTH LOWER W E S N FE FE FE FE FE FE FE FE FE FE FE

Mandalay Bay Convention Document Level One …...2015/10/02  · BAYSIDE D BAYSIDE C BAYSIDE B BAYSIDE A FOOD COURT LOADING DOCK SOUTH LOWER W E S N FE FE FE FE FE FE FE FE FE FE FE

Documents
d e sig n k re fe ld n e w s # 0 4 Ð J a n u a r 2 0 1 0 · d e sig n k re fe ld n e w s # 0 4 Ð J a n u a r 2 0 1 0 Einladung zur Mappenberatung Ð 14. Januar 2010 Bewerber und

d e sig n k re fe ld n e w s # 0 4 Ð J a n u a r 2 0 1 0 · d e sig n k re fe ld n e w s # 0 4 Ð J a n u a r 2 0 1 0 Einladung zur Mappenberatung Ð 14. Januar 2010 Bewerber und

Documents
GS1 Brasil N Fe

GS1 Brasil N Fe

Business
THERMODYNAMIC MODELLING OF INTERDIFFUSION I N Fe-Co AND Fe-Ni BONDS

THERMODYNAMIC MODELLING OF INTERDIFFUSION I N Fe-Co AND Fe-Ni BONDS

Documents
Datasheet - LDL212 - High PSRR, low drop linear regulator ICOP-AMP Bia s g e n e ra t o r B a n d g a p re fe re n c e E N Th e rm a l p ro t e c t io n E n a b le C u rre n t and

Datasheet - LDL212 - High PSRR, low drop linear regulator ICOP-AMP Bia s g e n e ra t o r B a n d g a p re fe re n c e E N Th e rm a l p ro t e c t io n E n a b le C u rre n t and

Documents
Moderato CAN CIO N JOSE MARIA LACALLE - Miguel … CAN CIO N JOSE MARIA LACALLE Deo— mor pa/ vez es co-che /a irk-fe e/ ð-morsn-//b' sv —zon. — zon, en los re— J? en 105 re

Moderato CAN CIO N JOSE MARIA LACALLE - Miguel … CAN CIO N JOSE MARIA LACALLE Deo— mor pa/ vez es co-che /a irk-fe e/ ð-morsn-//b' sv —zon. — zon, en los re— J? en 105 re

Documents
1992 Life Reinsurance Survey - Munich Re · 2019-10-03 · Col ogne Life Re CNA Crown Life Empl oyers Reassurance Equitable Life Frankona America Li fe General American Li fe Gerl

1992 Life Reinsurance Survey - Munich Re · 2019-10-03 · Col ogne Life Re CNA Crown Life Empl oyers Reassurance Equitable Life Frankona America Li fe General American Li fe Gerl

Documents
Una declaraci n de fe - vidaencristo.info

Una declaraci n de fe - vidaencristo.info

Documents
n Fe O 2 As Fe

n Fe O 2 As Fe

Documents
Lección N° 3 ORACION Y FE

Lección N° 3 ORACION Y FE

Documents
AÑO DE LA DIVERSIFICACIÓN PRODUCTIVA Y DEL … · Perú - La Agenda Digital Peruana 2.0” 565905 Fe de Erratas D.S N° 053-2015-RE 565905 TRANSPORTES Y COMUNICACIONES R.M. N°

AÑO DE LA DIVERSIFICACIÓN PRODUCTIVA Y DEL … · Perú - La Agenda Digital Peruana 2.0” 565905 Fe de Erratas D.S N° 053-2015-RE 565905 TRANSPORTES Y COMUNICACIONES R.M. N°

Documents
re fe re - UFSC

re fe re - UFSC

Documents
# CITATION CONCLUSION(S) RE TYPE N NS N ZE RE

# CITATION CONCLUSION(S) RE TYPE N NS N ZE RE

Documents
Curriculum fo rme d b y cu rre n t re se a rch and p ro fe ssi o n a l/vo ca tio n a l p ra ct ice G A2 - ÀH xi b ility , cre a tivi ty a n d a n e n tre p re n e …

Curriculum fo rme d b y cu rre n t re se a rch and p ro fe ssi o n a l/vo ca tio n a l p ra ct ice G A2 - ÀH xi b ility , cre a tivi ty a n d a n e n tre p re n e …

Documents
3 Logik und Inferenz...B e tra c h te je tz t e in e w e ite re In fe re n z re g e l: (II) U n iv e rs e lle E in s e tz u n g A u s ( f o r a l l ( x ) p ) in fe rie re p m it a

3 Logik und Inferenz...B e tra c h te je tz t e in e w e ite re In fe re n z re g e l: (II) U n iv e rs e lle E in s e tz u n g A u s ( f o r a l l ( x ) p ) in fe rie re p m it a

Documents
Buena fe subjetiva y buena fe objetiva. equívocos a los que … · 2015. 6. 27. · Buena fe subjetiva y buena fe objetiva 47 re v si t a d e de r e c h o pr vi a d o ex t e r N

Buena fe subjetiva y buena fe objetiva. equívocos a los que … · 2015. 6. 27. · Buena fe subjetiva y buena fe objetiva 47 re v si t a d e de r e c h o pr vi a d o ex t e r N

Documents
Re: Carib Energy (USA) LLC, FE Docket No. 21-99 - LNG

Re: Carib Energy (USA) LLC, FE Docket No. 21-99 - LNG

Documents
Jam es Davis MCSP...Jam es Davis MCSP This article will present some of the scientific literature re la tin g to low back pain in cricket with re fe re n ce to common pathologies,

Jam es Davis MCSP...Jam es Davis MCSP This article will present some of the scientific literature re la tin g to low back pain in cricket with re fe re n ce to common pathologies,

Documents
a n a l y s i s o f 1 8 2 s t u d i e s H C Q i s e f fe c ...e f fe c t a n d a n e s t im a t e d re d u c t i o n o f 6 5 % i n t h e e f fe c t m e as u re d ( d e a t h , h o

a n a l y s i s o f 1 8 2 s t u d i e s H C Q i s e f fe c ...e f fe c t a n d a n e s t im a t e d re d u c t i o n o f 6 5 % i n t h e e f fe c t m e as u re d ( d e a t h , h o

Documents
IdmínistraGion proíinoial · 2018. 7. 11. · fe fe o n

IdmínistraGion proíinoial · 2018. 7. 11. · fe fe o n

Documents
C21 - N°3 - fe

C21 - N°3 - fe

Documents
MANUAL DE A U D IT O R êA GUBERNAMENT AL...del sector p blico a implantar y mejorar sus actividades de revisi n. 5 . S u m in istra r u n te xto d e re fe re n cia p a ra a rm o n

MANUAL DE A U D IT O R êA GUBERNAMENT AL...del sector p blico a implantar y mejorar sus actividades de revisi n. 5 . S u m in istra r u n te xto d e re fe re n cia p a ra a rm o n

Documents
N Fe Moore Advantage

N Fe Moore Advantage

Economy & Finance
Anul XIX APRILIE 2018 DEVORAREA REVOLU}IEI Partizanul Vasile … · 2018-04-12 · \n sensul hot`rârii pilot CEDO, ... N-am spus \n comentariul meu, care se re - fe rea doar la una

Anul XIX APRILIE 2018 DEVORAREA REVOLU}IEI Partizanul Vasile … · 2018-04-12 · \n sensul hot`rârii pilot CEDO, ... N-am spus \n comentariul meu, care se re - fe rea doar la una

Documents
05ADM008 letter to MAs (FE) re Letter to Heads of State

05ADM008 letter to MAs (FE) re Letter to Heads of State

Documents