Race Condition Attacks in Web Applications
gamma95[at]gmail[dot].com
Breaking news
About me
$g4mm4 === $gamma95
● Penetration tester
● Bug hunter
● Full time Internet Troll
About the talk
● What is a race condition?
● Race conditions in web applications
● Prevention
● Demo
● References
● Q&A
What is a race condition?
● A race condition or race hazard is a type of flaw in an electronic or software system where the output is dependent on the sequence or timing of other uncontrollable events.
● Race conditions can occur in electronic systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
in Electronics
● ∆t1 and ∆t2 represent the propagation delays of the logic elements.
● When the input value (A) changes, the circuit outputs a short spike of duration (∆t1+∆t2) - ∆t2 = ∆t1
In Computer Software (file system, networking ...)
in Web Applications: Hit Counter
Tell me why?
in Web Applications: Online Banking
D3m0
Prevention
Semaphore
System V Semaphore
● PHP is compiled with --enable-sysvsem
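The hit counter from the earlier slides, unguarded and then guarded with a System V semaphore, as an added example that is not code from the original slides. The file path and the function names `hit_unsafe` and `hit_safe` are assumptions made for illustration.

```php
<?php
// Added example, not from the slides. COUNTER_FILE and both function
// names are hypothetical.
const COUNTER_FILE = '/tmp/hits.txt';    // constructed path for the demo

// Unsafe: read-modify-write with no mutual exclusion. Two requests that
// both read N before either writes will both store N+1, so one hit is lost.
function hit_unsafe(): int
{
    $n = (int) @file_get_contents(COUNTER_FILE);   // missing file counts as 0
    $n++;
    file_put_contents(COUNTER_FILE, (string) $n);
    return $n;
}

// Safe: a System V semaphore with max_acquire = 1 behaves as a mutex
// shared by all PHP processes that derive the same IPC key.
function hit_safe(): int
{
    $key = ftok(__FILE__, 'h');          // IPC key derived from this script
    if ($key === -1) {
        throw new RuntimeException('ftok failed');
    }
    $sem = sem_get($key, 1, 0600);       // create or open the semaphore
    if ($sem === false) {
        throw new RuntimeException('sem_get failed');
    }
    if (!sem_acquire($sem)) {            // blocks until the holder releases
        throw new RuntimeException('sem_acquire failed');
    }
    try {
        // Critical section: the whole read-modify-write runs under the lock.
        $n = (int) @file_get_contents(COUNTER_FILE);
        $n++;
        file_put_contents(COUNTER_FILE, (string) $n);
        return $n;
    } finally {
        sem_release($sem);               // release even if the write throws
    }
}

if (!function_exists('sem_get')) {
    exit("sysvsem extension not available (build PHP with --enable-sysvsem)\n");
}
echo hit_safe(), "\n";
```

A System V semaphore only serializes processes on the same host, so a counter shared by several web servers needs its atomic update done in the shared data store instead.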
LFI with phpinfo()
● What is LFI?
Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, which allows directory traversal characters to be injected.
LFI with phpinfo()
● Why PHPInfo()?
The output of the PHPInfo() script contains the values of the PHP Variables, including any values set via _GET, _POST or uploaded _FILES.
How to win the race?
D3m0
References
● Practical Race Condition Vulnerabilities in Web Applications
https://defuse.ca/race-conditions-in-web-applications.htm
● "LFI with phpinfo() assistance"
http://www.insomniasec.com/publications/LFI With PHPInfo Assistance.pdf
● Nghệ thuật tận dụng lỗi phần mềm (The Art of Exploiting Software Bugs)
http://bluemoon.com.vn/books/8935048992197.html
Questions?
That's all folks!