Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Interpret it!
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Bo0oM
August 15, 2020
Research
1.2k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Interpret it!
Let's look at the source code that wasn't interpriposed.
Bo0oM
August 15, 2020
More Decks by Bo0oM
See All by Bo0oM
Носок на сок
bo0om
0
1.9k
Выйди и зайди нормально
bo0om
0
110
Защита от вредоносной автоматизации сегодня
bo0om
0
670
Defending against automatization using nginx
bo0om
0
900
Antibot pitch deck
bo0om
0
190
31337
bo0om
0
240
Your back is white
bo0om
0
410
FTP2RCE
bo0om
1
7.7k
At Home Among Strangers
bo0om
1
4k
Other Decks in Research
See All in Research
通時的な類似度行列に基づく単語の意味変化の分析
rudorudo11
0
330
論文紹介 "ReSim: Reliable World Simulation for Autonomous Driving"
kogo
0
670
AIを叩き台として、 「検証」から「共創」へと進化するリサーチ
mela_dayo
0
300
Dual Quadric表現を用いた動的物体追跡とRGB-D・IMU制約の密結合によるオドメトリ推定
nanoshimarobot
0
430
NLP colloquium: AI Safety Survey
kanekomasahiro
0
810
「行ける・行けない表」による地域公共交通の性能評価
bansousha
0
160
業界横断 副業コンプライアンス調査 三者(副業者・本業先・発注者)におけるトラブル認知ギャップの構造分析
fkske
0
1.3k
2026 東京科学大 情報通信系 研究室紹介 (大岡山)
icttitech
0
4k
進学校の生徒にはア行の苗字が多いのか
ozekinote
0
470
Sleuthcon Keynote - How Cybercriminals (ab)use AI
fr0gger
0
240
GLIM とMegaParticles:正規分布近似の限界とタイトカップリング&パーティクルフィルタの進展 / GLIM and MegaParticles : Progress of the distribution representation in SLAM
koide3
0
490
重要だけど測れていないもの:高齢者ケアの見えない課題
theoriatec2024
0
400
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.2k
Redefining SEO in the New Era of Traffic Generation
szymonslowik
1
350
The Spectacular Lies of Maps
axbom
PRO
1
850
Testing 201, or: Great Expectations
jmmastey
46
8.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.4k
Six Lessons from altMBA
skipperchong
29
4.3k
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
For a Future-Friendly Web
brad_frost
183
10k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
260
Side Projects
sachag
455
43k
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
2
1.6k
Transcript
How do I see the source code? • Include files
(header.inc) • Backup files • Temp files (nano, vim, etc) • .git or another version-control system • Arbitrary file reading
Interpret it! Anton “Bo0oM” Lopanitsyn
Server configuration errors Multiple routing and microservices location / {
try_files $uri $uri/ /index.html; ... } location /blog { … }
Server configuration errors Multiple routing and microservices
How to find it? https://example.com/config.php - 200, 0B https://example.com/config.php -
200, 3KB Content-type: application/octet-stream text/plain
Find a vulnerability in the config! location ~ ^(.+\.php)(.*)$ {
fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT /var/www/html; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_index index.php; }
Nope https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_split_path_info
Windows + Nginx = <3 https://example.com/config.php - 200, 0B https://example.com/config.pHP
location ~ ^(.+\.php)(.*)$ location ~ ^(.+\.php)(.*)$ Linux (case sensitive): https://example.com/config.pHP - 404 Windows: https://example.com/config.pHP - 200
Nginx /etc/nginx/site-enabled/default server { listen 80 default_server; listen
[::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } }
None
None
None
Apache /etc/apache2/sites-enabled/000-default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Apache /etc/apache2/sites-enabled/example.conf <VirtualHost *:80> DocumentRoot /var/www/html/example.com <FilesMatch "\.ph(p[3-5]?|tml)$"> SetHandler application/x-httpd-php
</FilesMatch> …
How to find it? example.com, IP: 123.123.123.123 Check http://123.123.123.123/config.php http://123.123.123.123/example/config.php
http://123.123.123.123/example.com/config.php
CDN’s https://forum.example.com https://cdn.example.com/forum/static/123/123.jpg https://cdn.example.com/forum/config.php Unbelievable, but the fact is, some
move the whole project to cdn!
0day
Blog: https://bo0om.ru Twitter: @i_bo0om Telegram channel: @webpwn