:~$ whoami

Andrea Valenza (AvalZ)

Ph.D. Student @ DIBRIS

Vulnerability Assessment of Web Applications


Web

What is the Web?


Client-Server Paradigm

Security model

NEVER TRUST THE CLIENT



Client Side Checks


Bypassing Client Side Checks


[ZHA] Client Side Validation

Submit a password longer than 10 characters
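The defender's side of this challenge, as an added example (not the challenge's own code): the client-side maximum length (an HTML maxlength attribute or a bit of JavaScript, assumed here) is only a convenience for the user, so the server re-checks the same limit on the raw form body and ignores anything the client claims to have validated. The handler, the field names and the limit of 10 characters are assumptions taken from the challenge text.

```python
from urllib.parse import parse_qs

# Same limit the client-side check enforces (assumed from the challenge);
# the server must enforce it again because the client copy can be removed.
MAX_PASSWORD_LENGTH = 10


def validate_password(password):
    """Server-side policy check. Returns a list of violations (empty = accepted)."""
    problems = []
    if not password:
        problems.append("password is required")
    elif len(password) > MAX_PASSWORD_LENGTH:
        problems.append(f"password longer than {MAX_PASSWORD_LENGTH} characters")
    return problems


def handle_register(body):
    """Handle a POST body (application/x-www-form-urlencoded) the way the server should.

    Hypothetical handler, not the challenge's code. Returns (status_code, message).
    """
    form = parse_qs(body, keep_blank_values=True)
    password = form.get("password", [""])[0]
    # A field such as client_validated=1 is just more untrusted input:
    # it is never consulted, only the password itself is checked.
    problems = validate_password(password)
    if problems:
        return 400, "; ".join(problems)
    return 200, "registered"


if __name__ == "__main__":
    # Constructed bodies: one honest submission, one with the client check removed.
    print(handle_register("password=short1"))
    print(handle_register("password=waytoolongpassword&client_validated=1"))
```

A submission that bypasses the browser-side limit still arrives as a plain form body, and the only check that matters is the one running on the server.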


HTTP Protocol

HyperText Transfer Protocol

Resource exchange over the Internet


HTTP Methods


URLs

Uniform Resource Locator

A reference to a resource on a network

and how to retrieve it.


scheme:[//authority]path[?query][#fragment]

authority := [userinfo@]host[:port]


Sample URL

https://avalz:<password>@<host>/page.php?id=1&some=thing#websec
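The grammar above, applied to a URL, as an added example that is not part of the original slides. The sample URL is constructed (the host, password and port are invented for the example); the standard library's urlsplit does the splitting, and a second helper strips the userinfo part, since credentials embedded in a URL end up in access logs, browser history and Referer headers.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Constructed sample URL: every part of the grammar is present.
SAMPLE_URL = "https://avalz:s3cret@example.com:8443/page.php?id=1&some=thing#websec"

# Default ports used when the authority carries none (assumed: only these two schemes).
DEFAULT_PORTS = {"http": 80, "https": 443}


def split_url(url):
    """Break a URL into the parts named by
    scheme:[//authority]path[?query][#fragment] with authority := [userinfo@]host[:port]."""
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,
        "username": parts.username,   # userinfo is user[:password]
        "password": parts.password,
        "host": parts.hostname,       # lowercased; IPv6 brackets are stripped
        "port": parts.port,           # None when the URL has no explicit port
        "path": parts.path,
        "query": parse_qs(parts.query),
        "fragment": parts.fragment,   # kept by the browser, never sent to the server
    }


def effective_port(url):
    """Explicit port if present, otherwise the scheme default (None for unknown schemes)."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS.get(parts.scheme.lower())


def redact_userinfo(url):
    """Return the URL with the userinfo removed, safe to write to a log line."""
    parts = urlsplit(url)
    netloc = parts.hostname or ""
    if parts.port is not None:
        netloc += f":{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    for name, value in split_url(SAMPLE_URL).items():
        print(f"{name:>9}: {value}")
    print("log-safe:", redact_userinfo(SAMPLE_URL))
```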


HTTP Request


HTTP Response


[ZHA] Identify yourself

Make the server accept your request

Sessions and Logins

Basic authentication

base64(username:password)

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

Challenge: get the original credentials!


Set-Cookie: name=value

Optional fields:
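Both mechanisms on these two slides, as one added example that is not part of the original deck. The first function shows why the Basic header is only acceptable over TLS: base64 is an encoding, not encryption, so the credentials come straight back out (the header value is the one shown above). The second parses a Set-Cookie header into its name, value and optional attributes (Expires, Max-Age, Domain, Path, Secure, HttpOnly, SameSite as defined in RFC 6265) and reports which of the protective ones a session cookie is missing. The cookie values are constructed for the example.

```python
import base64
import binascii


def parse_basic_auth(header_value):
    """Recover (username, password) from an Authorization header value.

    Basic auth only base64-encodes "user:password", so anyone who can read the
    header can read the password; the scheme relies entirely on TLS for secrecy.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"malformed base64: {exc}") from None
    decoded = raw.decode("utf-8")
    # Only the first ':' separates the fields; the password may contain more.
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, attributes).

    Attribute names are lowercased; flag attributes (Secure, HttpOnly) map to True.
    """
    pieces = [p.strip() for p in header_value.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if not piece:
            continue
        key, _, val = piece.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def cookie_weaknesses(header_value):
    """List the protections a session cookie should carry but this one lacks."""
    _, _, attrs = parse_set_cookie(header_value)
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")      # cookie would also travel over plain HTTP
    if "httponly" not in attrs:
        missing.append("HttpOnly")    # cookie readable from page scripts
    if "samesite" not in attrs:
        missing.append("SameSite")    # sent on cross-site requests
    return missing


if __name__ == "__main__":
    print(parse_basic_auth("Basic QWxhZGRpbjpPcGVuU2VzYW1l"))
    # Constructed cookies: a bare one and a hardened one.
    print(cookie_weaknesses("name=value"))
    print(cookie_weaknesses("session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"))
```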


[ZHA] Old School Login

Log in as “admin”

Recon


Info Gathering

Amazena

The zeneise book shop

“Stay home and send us money”

All challenges available at ZenHackAdemy


Sanity Check

This one is really easy, just open the challenge and you’re done!


Barbie

Purchase item “Barbie - Principessa dell’Isola Perduta” with any valid account.


Computer Security

Purchase the unavailable “Esami di Computer Security” with any valid account.


Incident Response

Purchase Incident Response with the [email protected] account.


Bonus challenge

Find all the hidden books

HINT: every book has a numeric ID

Try this at home!

Root Me --- Web - Client

https://root-me.org