SlideShare uma empresa Scribd logo

Nobody knows-except-g4mm4

Xchym Hiệp
Xchym Hiệp

The title is not related with the content =]]

Tecnologia
1 de 21
Nobody knows... except g4mm4 http://hackerspace.vn Part I gamma95x40gmail.com
$ls -la ● Captcha re-riding attack ● SQL column truncation ● Header() without exit()/die() ● Sink functions
$whoami
$whoamimorning noon afternoon evening midnight
Captcha re-riding attack
Captcha re-riding attack
Captcha re-riding attack
SQL column truncation
SQL column truncation
SQL column truncation
SQL column truncation
SQL column truncation
Ex1: (register.php)
Ex2: (Login.php)
Real world example
Header() without exit()/die()
PHP sink functions array_diff_uassoc array_diff_ukey array_filter array_intersect_uassoc array_intersect_ukey array_map array_reduce array_udiff array_udiff_assoc array_udiff_uassoc array_uintersect array_uintersect_assoc array_uintersect_uassoc array_walk array_walk_recursive assert assert_options call_user_func call_user_func_array create_function dotnet_load forward_static_call forward_static_call_array eio_busy eio_chmod eio_chown eio_close eio_custom eio_dup2 eio_fallocate eio_fchmod eio_fchown eio_fdatasync eio_fstat eio_fstatvfs eval event_buffer_new event_set iterator_apply mb_ereg_replace mb_eregi_replace ob_start preg_filter preg_replace preg_replace_callback register_shutdown_function register_tick_function runkit_method_add runkit_method_copy runkit_method_redefine runkit_method_rename runkit_function_add runkit_function_copy runkit_function_redefine runkit_function_rename session_set_save_handler set_error_handler set_exception_handler spl_autoload spl_autoload_register sqlite_create_aggregate sqlite_create_function stream_wrapper_register uasort uksort usort yaml_parse yaml_parse_file yaml_parse_url
PHP sink functions
PHP sink functions
Questions?

Recomendados

Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Kazuki Yoshida
 
Emacs Key Bindings
Emacs Key BindingsEmacs Key Bindings
Emacs Key Bindings
Kazuki Yoshida
 
「Frama-Cによるソースコード検証」 (mzp)
「Frama-Cによるソースコード検証」 (mzp)「Frama-Cによるソースコード検証」 (mzp)
「Frama-Cによるソースコード検証」 (mzp)
Hiroki Mizuno
 
Vcs8
Vcs8Vcs8
Vcs8
Malikireddy Bramhananda Reddy
 
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
Joel Porquet
 
Circular queue
Circular queueCircular queue
Circular queue
ShobhaHiremath8
 
Avl tree
Avl treeAvl tree
Avl tree
loyola ICAM college of engineering and technology
 
Final ds record
Final ds recordFinal ds record
Final ds record
Ganisius Ganish
 

Recomendados

Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Search and Replacement Techniques in Emacs: avy, swiper, multiple-cursor, ag,...
Kazuki Yoshida
 
Emacs Key Bindings
Emacs Key BindingsEmacs Key Bindings
Emacs Key Bindings
Kazuki Yoshida
 
「Frama-Cによるソースコード検証」 (mzp)
「Frama-Cによるソースコード検証」 (mzp)「Frama-Cによるソースコード検証」 (mzp)
「Frama-Cによるソースコード検証」 (mzp)
Hiroki Mizuno
 
Vcs8
Vcs8Vcs8
Vcs8
Malikireddy Bramhananda Reddy
 
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
printf("%s from %c to Z, in %d minutes!\n", "printf", 'A', 45);
Joel Porquet
 
Circular queue
Circular queueCircular queue
Circular queue
ShobhaHiremath8
 
Avl tree
Avl treeAvl tree
Avl tree
loyola ICAM college of engineering and technology
 
Final ds record
Final ds recordFinal ds record
Final ds record
Ganisius Ganish
 
C program to implement linked list using array abstract data type
C program to implement linked list using array abstract data typeC program to implement linked list using array abstract data type
C program to implement linked list using array abstract data type
loyola ICAM college of engineering and technology
 
Stack Data Structure
Stack Data StructureStack Data Structure
Stack Data Structure
Er. Ganesh Ram Suwal
 
Php radomize
Php radomizePhp radomize
Php radomize
do_aki
 
Hacking parse.y (RubyConf 2009)
Hacking parse.y (RubyConf 2009)Hacking parse.y (RubyConf 2009)
Hacking parse.y (RubyConf 2009)
ujihisa
 
Taking Inspiration From The Functional World
Taking Inspiration From The Functional WorldTaking Inspiration From The Functional World
Taking Inspiration From The Functional World
Piotr Solnica
 
Message in a bottle
Message in a bottleMessage in a bottle
Message in a bottle
Konstantin Haase
 
What is python
What is pythonWhat is python
What is python
EU Edge
 
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
CODE BLUE
 
Memory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy VuMemory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy Vu
Framgia Vietnam
 
as400 built in function- %SCAN
as400 built in function- %SCANas400 built in function- %SCAN
as400 built in function- %SCAN
aminem_mp
 
Funcion matematica
Funcion matematicaFuncion matematica
Funcion matematica
Jhonny Wladimir Peñaloza Cabello
 
Array imp of list
Array imp of listArray imp of list
Array imp of list
Elavarasi K
 
Data Structures : array operations in c program
Data Structures : array operations in c program Data Structures : array operations in c program
Data Structures : array operations in c program
Raghavendra Narayan
 
Kotlin - Null safety
Kotlin - Null safetyKotlin - Null safety
Kotlin - Null safety
ss90311
 
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!..."A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
akaptur
 
Constructor and variables
Constructor and variablesConstructor and variables
Constructor and variables
JayanthiNeelampalli
 
Keynote, PHP World Kongress Munich
Keynote, PHP World Kongress MunichKeynote, PHP World Kongress Munich
Keynote, PHP World Kongress Munich
Pierre Joye
 
Double linked list
Double linked listDouble linked list
Double linked list
Sayantan Sur
 
Functional php
Functional phpFunctional php
Functional php
Jean Carlo Machado
 
Laziness in Swift
Laziness in Swift Laziness in Swift
Laziness in Swift
SwiftWro
 
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Mail.ru Group
 
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Mail.ru Group
 

Mais conteúdo relacionado

Mais procurados

What is python
What is pythonWhat is python
What is python
EU Edge
 
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
CODE BLUE
 
Memory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy VuMemory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy Vu
Framgia Vietnam
 
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!..."A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
akaptur
 

Mais procurados (20)

C program to implement linked list using array abstract data type
C program to implement linked list using array abstract data typeC program to implement linked list using array abstract data type
C program to implement linked list using array abstract data type
 
Stack Data Structure
Stack Data StructureStack Data Structure
Stack Data Structure
 
Php radomize
Php radomizePhp radomize
Php radomize
 
Hacking parse.y (RubyConf 2009)
Hacking parse.y (RubyConf 2009)Hacking parse.y (RubyConf 2009)
Hacking parse.y (RubyConf 2009)
 
Taking Inspiration From The Functional World
Taking Inspiration From The Functional WorldTaking Inspiration From The Functional World
Taking Inspiration From The Functional World
 
Message in a bottle
Message in a bottleMessage in a bottle
Message in a bottle
 
What is python
What is pythonWhat is python
What is python
 
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
[CB20] Reflex: you give me a parser, I give you a token generator by Paolo Mo...
 
Memory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy VuMemory management in cocos2d x - Le Duy Vu
Memory management in cocos2d x - Le Duy Vu
 
as400 built in function- %SCAN
as400 built in function- %SCANas400 built in function- %SCAN
as400 built in function- %SCAN
 
Funcion matematica
Funcion matematicaFuncion matematica
Funcion matematica
 
Array imp of list
Array imp of listArray imp of list
Array imp of list
 
Data Structures : array operations in c program
Data Structures : array operations in c program Data Structures : array operations in c program
Data Structures : array operations in c program
 
Kotlin - Null safety
Kotlin - Null safetyKotlin - Null safety
Kotlin - Null safety
 
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!..."A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
"A 1,500 line (!!) switch statement powers your Python!" - Allison Kaptur, !!...
 
Constructor and variables
Constructor and variablesConstructor and variables
Constructor and variables
 
Keynote, PHP World Kongress Munich
Keynote, PHP World Kongress MunichKeynote, PHP World Kongress Munich
Keynote, PHP World Kongress Munich
 
Double linked list
Double linked listDouble linked list
Double linked list
 
Functional php
Functional phpFunctional php
Functional php
 
Laziness in Swift
Laziness in Swift Laziness in Swift
Laziness in Swift
 

Semelhante a Nobody knows-except-g4mm4

Introduction to PHP 5.3
Introduction to PHP 5.3Introduction to PHP 5.3
Introduction to PHP 5.3
guestcc91d4
 
Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)
Hongyang Wang
 

Semelhante a Nobody knows-except-g4mm4 (20)

Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
 
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
 
Review unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphpReview unknown code with static analysis - bredaphp
Review unknown code with static analysis - bredaphp
 
The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5
 
An introduction to PHP 5.4
An introduction to PHP 5.4An introduction to PHP 5.4
An introduction to PHP 5.4
 
Lisp Macros in 20 Minutes (Featuring Clojure)
Lisp Macros in 20 Minutes (Featuring Clojure)Lisp Macros in 20 Minutes (Featuring Clojure)
Lisp Macros in 20 Minutes (Featuring Clojure)
 
Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)Preparing for the next PHP version (5.6)
Preparing for the next PHP version (5.6)
 
CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11
 
How to write not breakable unit tests
How to write not breakable unit testsHow to write not breakable unit tests
How to write not breakable unit tests
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5
 
Introduction to PHP 5.3
Introduction to PHP 5.3Introduction to PHP 5.3
Introduction to PHP 5.3
 
Driver Debugging Basics
Driver Debugging BasicsDriver Debugging Basics
Driver Debugging Basics
 
Александр Трищенко: PHP 7 Evolution
Александр Трищенко: PHP 7 EvolutionАлександр Трищенко: PHP 7 Evolution
Александр Трищенко: PHP 7 Evolution
 
Diving into HHVM Extensions (php[tek] 2016)
Diving into HHVM Extensions (php[tek] 2016)Diving into HHVM Extensions (php[tek] 2016)
Diving into HHVM Extensions (php[tek] 2016)
 
Linux Command Line
Linux Command LineLinux Command Line
Linux Command Line
 
A little systemtap
A little systemtapA little systemtap
A little systemtap
 
A little systemtap
A little systemtapA little systemtap
A little systemtap
 
Дмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репортДмитрий Демчук. Кроссплатформенный краш-репорт
Дмитрий Демчук. Кроссплатформенный краш-репорт
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
 
Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)Sql Injection Attacks(Part1 4)
Sql Injection Attacks(Part1 4)
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 

Nobody knows-except-g4mm4