How to hack a node app? @ GDG DevFest Ukraine 2017
?
0 likes?460 views
Thought hacking was hard? It¡¯s not, it¡¯s easy and I¡¯m going to show you how! We¡¯ll investigate a series of hacking stories and break them down step-by-step to see exactly how they did it. By the end you¡¯ll walk away a little bit more scared and a lot more prepared with some great practices you can apply immediately to your own applications.
![def send_email(request):
try:
recipients = request.GET['to'].split(',')
url = request.GET['url']
proto, server, path, query, frag = urlsplit(url)
if query: path += '?' + query
conn = HTTPConnection(server)
conn.request('GET',path)
resp = conn.getresponse()
...
@jawache](https://image.slidesharecdn.com/howtohackanodeapp-gdgukraine2017-171013140120/85/How-to-hack-a-node-app-GDG-DevFest-Ukraine-2017-29-320.jpg)
![def send_email(request):
try:
recipients = request.GET['to'].split(',')
url = request.GET['url']
proto, server, path, query, frag = urlsplit(url)
if query: path += '?' + query
conn = HTTPConnection(server)
conn.request('GET',path)
resp = conn.getresponse()
...
@jawache](https://image.slidesharecdn.com/howtohackanodeapp-gdgukraine2017-171013140120/85/How-to-hack-a-node-app-GDG-DevFest-Ukraine-2017-31-320.jpg)
How to hack a node app? @ GDG DevFest Ukraine 2017
- 3. it can happen to you @jawache
- 9. @jawache
- 12. Google App Engine Heroku Amazon Beanstalk Azure App Services
- 14. @jawache
- 15. @jawacheIt's Always Sunny In Philadelphia
- 16. #2 @jawache
- 17. 'SELECT * FROM COMPANIES WHERE name =' + name; @jawache
- 18. SELECT * FROM COMPANIES WHERE name =; DROP TABLE "COMPANIES"; --LTD @jawache
- 19. @jawache
- 20. @jawache
- 22. @jawache
- 23. @jawache
- 24. #3 @orange_8361
- 29. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto, server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache
- 31. def send_email(request): try: recipients = request.GET['to'].split(',') url = request.GET['url'] proto, server, path, query, frag = urlsplit(url) if query: path += '?' + query conn = HTTPConnection(server) conn.request('GET',path) resp = conn.getresponse() ... @jawache
- 32. rn @jawache
- 33. %0D%0A @jawache
- 35. GET /%0D%0Ahello%0D%0AFoo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache
- 36. GET / hello Foo: HTTP/1.1 Host: 127.0.0.1:12345 Accept-Encoding: identity @jawache
- 38. GET / set key 0 900 4 data HTTP/1.1 Host: 127.0.0.1:11211 Accept-Encoding: identity @jawache
- 39. GET / set key 0 900 4 data HTTP/1.1 Host: 127.0.0.1:11211 Accept-Encoding: identity @jawache
- 43. @jawache
- 46. #4 @jawache
- 47. @jawache
- 48. @jawache
- 50. @jawache
- 54. Stop pretending Don't assume Small vulnerability Don't trust anyone PaaS Sanitise Fix @jawache
- 57. Azure App Services https://aka.ms/azure-app-service-docs Google App Engine https://cloud.google.com/appengine/ Heroku https://heroku.com Amazon Beanstack http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html PaaS Platforms
- 58. Metasploit https://www.metasploit.com/ DropTables Company https://beta.companieshouse.gov.uk/company/10542519 SQLMap http://sqlmap.org/ How I Chained 4 vulnerabilities on GitHub Enterprise - Orange Tsai http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html Malicious packages in npm. Here¡¯s what to do - Ivan Akulov https://iamakulov.com/notes/npm-malicious-packages/ Oscar Bolmsten on Twitter https://twitter.com/o_cee/status/892306836199800836
- 59. npm module sqlstring https://www.npmjs.com/package/sqlstring Exploit DB https://www.exploit-db.com/ Brian Clarke Security Course on Pluralsight https://www.pluralsight.com/courses/nodejs-security-express-angular-get-started/