• Home

  • Technology

  • Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
19
Fast Track Уязвимости в логике работы веб-приложений панелей управления хостинг-провайдеров

Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Fast Track

Уязвимости в логике работы веб-приложений панелей управления

хостинг-провайдеров

Page 2: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

-18

Page 3: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
Page 4: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
Page 5: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
Page 6: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
Page 7: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

DNS-сервер

Page 8: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Баг или фича?

Page 9: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

ТОП-15 хостинг-провайдеров российского рынка

Page 10: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Здесь были красивые таблички

Но теперь их нет

Page 11: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Никому ненужная статистика

Page 12: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Вектор #1

Page 13: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Вектор #2ТиЦ + PR

Содержимое .htaccess:

Page 14: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Вектор #2ТиЦ + PR

Page 15: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Вектор #3MITM

Page 16: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Сервис 1stat.ru

Page 17: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Обратный резолвинг

• Yougetsignal.com (Domain List или API)• Bing.com (ip: 127.0.0.1)• Прочие сервисы и утилиты

Page 18: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Способ защиты

Page 19: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities

Спасибо за внимание

@i_bo0om

Дмитрий Bo0oM Бумов


Mejer Dmitry

Mejer Dmitry

Documents
Unit Test Process Authors:Sergey Fedorov, Dmitry Balkin, Dmitry Korenkov June 2005

Unit Test Process Authors:Sergey Fedorov, Dmitry Balkin, Dmitry Korenkov June 2005

Documents
Dmitry Naumov - theor.jinr.ru

Dmitry Naumov - theor.jinr.ru

Documents
Dmitry Kushnirsky | Portfolio

Dmitry Kushnirsky | Portfolio

Documents
Riskal Dmitry 2009

Riskal Dmitry 2009

Documents
Dmitry Loskov

Dmitry Loskov

Sports
Dmitry Seleznev

Dmitry Seleznev

Documents
Dmitry Budker

Dmitry Budker

Documents
Firebird 2.5 Sprachreferenz...Firebird 2.5 Sprachreferenz Dmitry Filippov, Alexander Karpeykin, Alexey Kovyazin, Dmitry Kuzmenko, Denis Simonov, Paul Vinkenoog, Thomas Woinke, Dmitry

Firebird 2.5 Sprachreferenz...Firebird 2.5 Sprachreferenz Dmitry Filippov, Alexander Karpeykin, Alexey Kovyazin, Dmitry Kuzmenko, Denis Simonov, Paul Vinkenoog, Thomas Woinke, Dmitry

Documents
Kochegurov Dmitry Alexandrovich

Kochegurov Dmitry Alexandrovich

Documents
ExactTarget (Dmitry Yasko)

ExactTarget (Dmitry Yasko)

Presentations & Public Speaking
Dmitry Polyanskiy

Dmitry Polyanskiy

Sports
cybersecurityworks.com · McAfee threat dashboard which summarizes trending vulnerabilities and threats AlienVault Open Threat Exchange (OTX) and IBM X-Force Exchange Twitter feeds,

cybersecurityworks.com · McAfee threat dashboard which summarizes trending vulnerabilities and threats AlienVault Open Threat Exchange (OTX) and IBM X-Force Exchange Twitter feeds,

Documents
Dmitry Shostakovich

Dmitry Shostakovich

Documents
Portfolio Dmitry Kuzharov

Portfolio Dmitry Kuzharov

Design
Metro2034 - Dmitry Glukhovsky

Metro2034 - Dmitry Glukhovsky

Documents
CIN-T08 Dmitry ERP Security 2016: Lead ERP security ... · PDF fileSESSION ID: #RSAC Roman. ERP Security 2016: Vulnerabilities, Threats and Trends. Expert Opinion. CIN-T08. Security

CIN-T08 Dmitry ERP Security 2016: Lead ERP security ... · PDF fileSESSION ID: #RSAC Roman. ERP Security 2016: Vulnerabilities, Threats and Trends. Expert Opinion. CIN-T08. Security

Documents
[Dmitry Aksenov, Dmitry Dobrynin, Maxim Dubinin Et(BookFi.org)

[Dmitry Aksenov, Dmitry Dobrynin, Maxim Dubinin Et(BookFi.org)

Documents
Thesis Dmitry Kaynov

Thesis Dmitry Kaynov

Documents
3. maselskiy dmitry

3. maselskiy dmitry

Documents
Dmitry Shemyakin. Infinera

Dmitry Shemyakin. Infinera

Business
Dmitry Ivanovich Sautin

Dmitry Ivanovich Sautin

Sports
PERSONAL INFORMATION Dmitry Ostrozhskiy SexMale| Date of ... · Curriculum Vitae Dmitry Ostrozhskiy PERSONAL INFORMATION Dmitry Ostrozhskiy 2A-26 Kosmonavtov Prospect, Ukhta, 169300,

PERSONAL INFORMATION Dmitry Ostrozhskiy SexMale| Date of ... · Curriculum Vitae Dmitry Ostrozhskiy PERSONAL INFORMATION Dmitry Ostrozhskiy 2A-26 Kosmonavtov Prospect, Ukhta, 169300,

Documents
Kononov dmitry

Kononov dmitry

Education
Dmitry Rodnikov

Dmitry Rodnikov

Documents
Dmitry kustanovich

Dmitry kustanovich

Documents
Dmitry Kot

Dmitry Kot

Education
Dmitry B. Goldgof

Dmitry B. Goldgof

Documents
Dmitry Yovdiy

Dmitry Yovdiy

Documents
Edvard Grieg • Kosaku Yamada • Dmitry Shostakovich • · PDF fileEdvard Grieg • Kosaku Yamada • Dmitry Shostakovich • Geirr Tveitt • Carl Nielsen ... Dmitry Shostakovich

Edvard Grieg • Kosaku Yamada • Dmitry Shostakovich • · PDF fileEdvard Grieg • Kosaku Yamada • Dmitry Shostakovich • Geirr Tveitt • Carl Nielsen ... Dmitry Shostakovich

Documents