WebApp Remote Code Execution using Server Side Scripting Engines

By Rahul Sasi on 03 Aug 2012 @ C0c0n
#red-teaming #security-assessment #application-pentesting #dynamic-analysis #input-validation #security-testing #code-injection
Focus Areas: Application Security, DevSecOps, Malware Analysis, Penetration Testing, Vulnerability Management

Abstract

Remote code execution in web applications is as critical as it sounds. The most followed methods to achieve code execution in web application pentests and attacks are LFI, RFI and SQL injection attacks, where unvalidated inputs are passed on to critical (ASP, PHP, Java) function calls or databases. This talk extends the code execution surface by trying to attack the frameworks and scripting engines via web apps.