Transcript of Ben Hayak - Black Hat (slide deck)
Attacker
Bank
• Document Access
• Object Access
• Ajax Requests
• Data Leakage

[[External resources]]
• <img src="[[URL]]">
• <link rel href="[[URL]]">
• <script src="[[URL]]">
Go Ahead
//XML..
<xml>
  <person>
    <name>john</name>
    <credit>34</credit>
  </person>
</xml>
var person = {"name":"John","credit":34}

person.name == "John"
person.credit == 34

1. person = RequestData
2. {"name":"John","credit":34}
Easy
Fast Light
www.telize.com/geoip?callback=getgeoip
http://benhayak.com
<script src="http://external/geo?callback=getgeoip">
SOME
<script src="http://emailservice/contacts?callback= ">
initTable Test Attack
function initTable(jsondata) { //doSomething in www.google.com (example) }
text/javascript
AttackerInput();
Callback=<XSS>aaa
Only [A-Za-z0-9.] allowed
Callback=;alert()
Setup the Environment
1. Redirect MAIN
Share
2. Redirect placeholder to SOME
Are you sure?
Yes No
3. Redirect 2nd placeholder to SOME
Your Album is now Public
Mission Accomplished
We don’t need them
We only need alphanumeric and a dot
We can use Windows
Use a popup bypass
No restrictions when using windows