ep16-nosqli-blind-injection
3939 - [[#exercise-unguessable-identifiers-hint][Exercise: "Unguessable" Identifiers (Hint)]]
4040 - [[#exercise-unguessable-identifiers-answer][Exercise: "Unguessable" Identifiers (Answer)]]
4141 - [[#takeaways][Takeaways]]
42- - [[#exercise-bypassing-wafs-hint][Exercise: Bypassing WAFs (HINT)]]
43- - [[#finding-unguessable-identifiers-answer][Finding Unguessable Identifiers (Answer)]]
44- - [[#takeaways-1][Takeaways]]
45- - [[#takeaways-2][Takeaways]]
4642
4743** Talk Scope
48441. Exercise: Learn about Blind Injection and leverage it to find vulnerable
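Review bot: the four removed TOC links (the WAF hint, the "Finding Unguessable Identifiers (Answer)" entry and the two extra `[[#takeaways-N]]` anchors) point at duplicated headings, so dropping them is consistent with the section deletions later in this commit; please confirm that the retained `[[#exercise-unguessable-identifiers-answer]]` and `[[#takeaways]]` entries resolve to sections that still carry the content of the deleted ones (the `this.product` answer and the input-validation takeaways), since the kept links only look correct if that content survives under the remaining headings.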
147143 public client-side code
148144- When possible, never whitelist any characters that can be leveraged to create a logical operator
149145 - ~|~, ~&~, etc.
150- ** Exercise: Bypassing WAFs (HINT)
151- - ~http://localhost:3000/rest/product/inject_me/reviews~
152- #+BEGIN_SRC javascript
153- db.reviews.find({ '$where': 'this.SOME_PROPERTY == this.SOME_PROPERTY'})
154- #+END_SRC
155- - Given the url, what could ~SOME_PROPERTY~ be?
156-
157- ** Finding Unguessable Identifiers (Answer)
158- - http://localhost:3000/rest/product/this.product/reviews
159- - Takeaway
160- - Attackers leverage the URL to deduce information about the database schema
161- ** Takeaways
162-
163- ** Takeaways
164- - Attackers profile Javascript to deduce admin functionality (or functionality
165- that isn't immediately available within the application)
166- - Input Validation
167- - Regular Expressions aren't enough, we must also validate type