ONHEXGROUP

Cyber security world news
The Top 10 Web Hacking Techniques 2023 event has started

On Bahman 4, 1402 (Esfand 1, 1402)
seyyid
Reading time: 8 minutes

Like last year, PortSwigger has started the Top 10 Web Hacking Techniques event to pick the best web security articles of 2023; if you are interested, you can take part in the vote.

If you are not familiar with this event, you can read our post about it from last year.

This year 68 articles are on the list of nominees; in the table below you can see each article's title, description and author. As you can see, several of the articles are by Iranian researchers.

Taking part works like this: you go to the event site and give the articles a score from 1 to 10, where 1 is the best article and 10 is the lowest rank. You can pick a minimum of 3 and a maximum of 10 articles. Your picks must not share the same score, so in total you rank 10 of the 68 articles from 1 to 10.

The vote is open until January 31 (Bahman 11) and you can take part until then. Taking part does not require registration or anything like that.


| Title | Description | Author |
|---|---|---|
| Fileless Remote Code Execution on Juniper Firewalls | PHP environment variable manipulation technique that bypasses the need for a file upload, exploiting the auto_prepend_file PHP feature and the Appweb web server's handling of environment variables and stdin. | Jacob Baines |
| Server-side prototype pollution: Black-box detection without the DoS | Leveraging non-destructive techniques like JSON response manipulation and CORS header injection for the safe black-box detection of server-side prototype pollution. | Gareth Heyes |
| Exploiting HTTP Parsers Inconsistencies | Exploiting HTTP parser inconsistencies for ACL bypass and cache poisoning. | Rafael da Costa Santos |
| HTTP Request Splitting vulnerabilities exploitation | Leveraging nginx misconfigurations to perform HTTP request splitting via control characters in variables. | Sergey Bobrov |
| Unserializable, but unreachable: Remote code execution on vBulletin | Exploiting class autoloading in PHP for remote code execution by including arbitrary files using crafted unserialize payloads in vBulletin. | Charles Fol |
| MyBB Admin Panel RCE CVE-2023-41362 | Exploiting catastrophic backtracking in MyBB's admin panel regex to bypass template safety checks and execute arbitrary code. | SorceryIE |
| Hacking into gRPC-Web | Exploiting gRPC-Web to discover hidden services and parameters, leading to vulnerabilities like SQL injection. | Amin Nasiri (امین نصیری) |
| Pretalx Vulnerabilities: How to get accepted at every conference | Leveraging Python's site-specific configuration hooks for .pth files to gain arbitrary code execution via a limited file write vulnerability. | Stefan Schiller |
| Blind CSS Exfiltration: exfiltrate unknown web pages | Using the CSS :has selector to perform blind exfiltration of sensitive data without JavaScript. | Gareth Heyes |
| How to break SAML if I have paws? | Attacking SAML implementations through XML signature wrapping, plaintext injections, signature exclusion, flawed certificate validation, and more. | Aleksei "Greendog" Tiurin |
| From an Innocent Client-Side Path Traversal to Account Takeover | Leveraging client-side path traversal in fetch requests and OAuth error redirection for account takeover. | kapytein |
| Chained to hit: Discovering new vectors to gain remote and root access in SAP Enterprise Software | Exploiting SAP Enterprise via the P4 protocol and JNDI reference injection. | Pablo Artuso, Yvan Genuer |
| DNS Analyzer – Finding DNS vulnerabilities with Burp Suite | Using Burp Collaborator with the DNS Analyzer extension to identify DNS vulnerabilities that facilitate Kaminsky-style DNS cache poisoning attacks. | SEC Consult Group |
| SSRF Cross Protocol Redirect Bypass | Bypassing SSRF filters using cross-protocol redirection from HTTPS to HTTP. | Szymon Drosdzol |
| fuzzuli | Dynamic generation of wordlists based on domain name transformations to discover backup files. | Musa ŞANA |
| SMTP Smuggling – Spoofing E-Mails Worldwide | Exploiting differences in SMTP protocol interpretation to bypass SPF and DMARC email validation checks and send spoofed emails. | Timo Longin |
| Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix | Leveraging PHP filter chains to prepend and append arbitrary content to file data, facilitating SSRF-to-RCE and local file inclusion attacks. | Charles Fol |
| A New Vector For "Dirty" Arbitrary File Write to RCE | Leveraging uWSGI configuration parsing for remote code execution via a tainted PDF utilizing polymorphic content and automatic reload behavior. | Maxence Schmitt, Lorenzo Stella |
| Exploiting Hardened .NET Deserialization | Bypassing .NET deserialization security using novel gadget chains. | Piotr Bazydło |
| Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity | Bypassing the TeamCity server authentication check through unsanitized input handling in request interceptor pre-handling paths. | Stefan Schiller |
| Oh-Auth – Abusing OAuth to take over millions of accounts | Manipulating OAuth token verification logic to facilitate account takeovers. | Aviad Carmel |
| Cookie Bugs – Smuggling & Injection | Exploiting inconsistent parsing of double-quoted cookie values, leading to cookie smuggling, and how incorrect delimiters allow cookie injection, enabling CSRF token spoofing and potential authentication bypasses. | Ankur Sundara |
| AWS WAF Bypass: invalid JSON object and unicode escape sequences | Bypassing AWS WAF via invalid JSON with duplicated parameter names. | Andrea Menin |
| can I speak to your manager? hacking root EPP servers to take control of zones | Exploiting XXE vulnerabilities in EPP servers and local file disclosure in CoCCA Registry Software to gain control of entire ccTLD zones. | hackcompute group |
| Three New Attacks Against JSON Web Tokens | Novel JWT implementation flaws. | Tom Tervoort |
| Cookie Crumbles: Breaking and Fixing Web Session Integrity | Exposing session integrity vulnerabilities due to implementation or specification inconsistencies across browsers and web frameworks. | Marco Squarcina, Pedro Adão (ULisboa), Lorenzo Veronese, Matteo Maffei |
| From Akamai to F5 to NTLM… with love | Leveraging HTTP request smuggling and cache poisoning via Akamai and F5 BIG-IP systems to redirect and steal sensitive data including authorization tokens and NTLM credentials. | d3d |
| SSO Gadgets: Escalate (Self-)XSS to ATO | Leveraging SSO gadgets in OAuth2/OIDC implementations to convert Self-XSS to ATO. | Lauritz Holtmann |
| New ways of breaking app-integrated LLMs | Indirect prompt injection attacks on application-integrated LLMs enabling remote control, data exfiltration, and persistent compromise. | Kai Greshake |
| mTLS: When certificate authentication is done wrong | Vulnerabilities in mutual TLS leading to user impersonation, privilege escalation, and information leakage. | Michael Stepankin |
| HTML Over the Wire | Exploiting "HTML Over the Wire" libraries' features for CSRF token leakage via cross-origin POST requests with injected links. | ~ryan |
| tRPC Security Research: Hunting for Vulnerabilities in Modern APIs | Leveraging type errors and improperly secured trpc-panel endpoints to identify and exploit tRPC API vulnerabilities. | Borna Nematzadeh (برنا نعمت زاده) |
| Prototype Pollution in Python | Class pollution in Python via recursive merge functions manipulating __class__ special attributes. | Abdulrah33m |
| Code Vulnerabilities Put Skiff Emails at Risk | Bypassing Skiff's HTML sanitization to achieve XSS and steal decrypted emails. | Paul Gerste |
| Memcached Command Injections at Pylibmc | Exploiting Flask-Session with Memcached command injection, utilizing a crc32 collision and Python pickle deserialization for RCE. | d4d |
| The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree | Leveraging GitHub Actions' dependency tree to spread malware recursively across repositories using compromised Actions. | Asi Greenholts |
| XSS in GMAIL Dynamic Email | Exploitation of CSS parsing in Gmail's AMP for Email allowed injection of a meta tag for potential phishing, bypassing strict CSP with no effective XSS. | asdqw3 |
| One Supply Chain Attack to Rule Them All | Exploiting self-hosted GitHub Actions runners for persistent access and executing arbitrary code on internal GitHub infrastructure to compromise CI/CD secrets and potentially tamper with GitHub's runner images for supply chain attacks. | adnanthekhan |
| How I Hacked Microsoft Teams and got $150,000 in Pwn2Own | RCE in Microsoft Teams through a combination of bugs including XSS via chat message, lack of context isolation, and JS execution outside the sandbox. | Masato Kinugawa |
| Hunting for Nginx Alias Traversals in the wild | Leveraging Nginx alias misconfigurations for directory traversal attacks. | Daniel (Celesian) Matsumoto |
| DOM-based race condition: racing in the browser for fun – RyotaK's Blog | Exploiting race conditions in AngularJS applications by delaying the loading of AngularJS with a connection pool exhaustion attack to enable DOM-based XSS via pasted clipboard data with ng- directives. | ryotak |
| Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework | Bypassing IIS authentication and impersonating parent application pool identities in ASP.NET using a double cookieless pattern. | Soroush Dalili (سروش دلیلی) |
| Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari | Exploiting delayed DNS responses together with Safari's and Chrome's prioritization of IPv6 to perform split-second DNS rebinding attacks. | Daniel Thatcher |
| Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory | Leveraging command injection in GitHub Actions to read environment variables and files, intercept network and process communication, and dump memory for extracting secrets. | Karim Rahal |
| Compromising F5 BIGIP with Request Smuggling | Exploiting the AJP protocol with HTTP request smuggling to bypass authentication and execute arbitrary system commands on F5 BIG-IP systems, tracked as CVE-2023-46747. | Michael Weber, Thomas Hendrickson |
| AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice | Terminating MSSQL queries with ' ' instead of ';' to bypass AWS WAF. | Marc Olivier Bergeron |
| Bypass firewalls with of-CORs and typo-squatting | Exploitation of Cross-Origin Resource Sharing (CORS) misconfigurations on internal networks using typo-squatting domains to probe for and exfiltrate sensitive data without violating bug bounty rules. | Chris Grayson |
| CVE-2022-4908: SOP bypass in Chrome using Navigation API | Abusing the Navigation API's navigation.entries() to leak the navigation history array from cross-origin windows. | Johan Carlsson |
| RCE via LDAP truncation on hg.mozilla.org | Achieved Remote Code Execution (RCE) on Mozilla's server by exploiting LDAP query truncation with NULL byte injection to bypass input sanitization, enabling command injection. | joernchen |
| EmojiDeploy: Smile! Your Azure web service just got RCE'd | Exploiting a same-site misconfiguration and origin check bypass in Azure Kudu SCM to achieve RCE through CSRF via ZIP file deployments. | Liv Matan |
| Metamask Snaps: Playing in the Sand | Exploiting untrusted code execution via a JSON sanitization bypass within the Metamask Snaps environment. | Bruno Halltari, Caue Obici |
| nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover | Leveraging the mutable and unverified "email" claim within Microsoft Azure AD OAuth applications for account takeover. | Omer Cohen |
| Java Exploitation Restrictions in Modern JDK Times | Bypassing Java deserialization gadget execution restrictions in modern JDKs using the JShell API for JDK versions >= 15 and --add-opens with Reflection for JDK >= 16. | Florian Hauser |
| State of DNS Rebinding in 2023 | Advancements and trends in DNS rebinding attacks, examining their effectiveness against modern web security measures. | Roger Meyer |
| Smashing the state machine: the true potential of web race conditions | The concept of "everything is multi-step" for web race conditions, expanding the traditional limit-overrun attack scope by exploiting hidden sub-states within web applications and introducing a jitter-resistant "single-packet attack". | James Kettle |
| Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure! | Revealing full file names in IIS that contain ~DIGIT patterns using file name enumeration techniques. | Soroush Dalili (سروش دلیلی) |
| You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities | Address bar spoofing techniques in Opera browsers, exploiting features like intent URLs, extension updates, and fullscreen mode. | Renwa |
| JMX Exploitation Revisited | Leveraging JMX StandardMBean and RequiredModelMBean for RCE by dynamic MBean creation and arbitrary method invocation. | Markus Wulftange |
| One Scheme to Rule Them All: OAuth Account Takeover | Exploiting OAuth with app impersonation via custom scheme hijacking for account takeover. | Mohamed Benchikh |
| Code Vulnerabilities Put Proton Mails at Risk | DOMPurify sanitization bypass in Proton Mail via svg-to-proton-svg renaming, leading to XSS. | Paul Gerste |
| PHP filter chains: file read from error-based oracle | Combining memory exhaustion and encoding translations via PHP filter chains to perform error-based local file content leakage. | Rémi Matasse |
| Uncovering a crazy privilege escalation from Chrome extensions | Escalation to arbitrary code execution via chrome:// URL XSS and filesystem: protocol abuse in Chrome extensions on ChromeOS. | Derin Eryılmaz |
| Yelp ATO via XSS + Cookie Bridge | Achieving Account Takeover (ATO) on yelp.com and biz.yelp.com through Cross-Site Scripting (XSS) coupled with Cookie Bridging. | lil_endian |
| Ransacking your password reset tokens | Brute-force attack on Ruby on Rails applications using the Ransack library to exfiltrate password reset tokens through character-by-character prefix matching via search filters. | Lukas Euler |
| BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover | Leveraging an AAD multi-tenant misconfiguration for unauthorized application access, leading to Bing.com result manipulation and XSS attacks. | Hillai Ben-Sasson |
| draw.io CVEs | OAuth token leakage due to a whitespace bypass in URL validation. | caioluders |
| Azure B2C Crypto Misuse and Account Compromise | Extracting public RSA keys to craft valid OAuth refresh tokens and compromise Azure AD B2C user accounts. | John Novak |
| OAuth 2.0 Redirect URI Validation Falls Short, Literally | OAuth exploitation via path confusion. | Tommaso Innocenti, Ali Mirheidari, Matteo Golinelli, Bruno Crispo, Kaan Onarlioglu, Engin Kirda |

Results of this vote:

1. Smashing the state machine: the true potential of web race conditions (James Kettle)
2. Exploiting Hardened .NET Deserialization (Piotr Bazydło)
3. SMTP Smuggling – Spoofing E-Mails Worldwide (Timo Longin)
4. PHP filter chains: file read from error-based oracle (Rémi Matasse)
5. Exploiting HTTP Parsers Inconsistencies (Rafael da Costa Santos)
6. HTTP Request Splitting vulnerabilities exploitation (Sergey Bobrov)
7. How I Hacked Microsoft Teams and got $150,000 in Pwn2Own (Masato Kinugawa)
8. From Akamai to F5 to NTLM… with love (d3d)
9. Cookie Crumbles: Breaking and Fixing Web Session Integrity (Marco Squarcina, Pedro Adão (ULisboa), Lorenzo Veronese, Matteo Maffei)
10. can I speak to your manager? hacking root EPP servers to take control of zones (hackcompute group)
