AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle

38,701 views

OWASP Foundation

A day ago

Cross-Origin Resource Sharing (CORS) is a mechanism for relaxing the Same Origin Policy to enable communication between websites via browsers. It's already widely understood that certain CORS configurations are dangerous. In this presentation, I'll skim over the old knowledge then coax out and share with you an array of under-appreciated but dangerous subtleties and implications buried in the CORS specification. I'll illustrate each of these with recent attacks on real websites, showing how I could have used them to steal bitcoins from two different exchanges, partially bypass Google's use of HTTPS, and requisition API keys from numerous others. I'll also show how CORS blunders can provide an invaluable link in crafting exploit chains to pivot across protocols, exploit the unexploitable via server and client-side cache poisoning, and even escalate certain open redirects into vulnerabilities that are actually notable.
-
Managed by the official OWASP Media Project www.owasp.org/...

Comments: 28
@haythamkt5607 (6 months ago)
The more I watch this man’s videos the more I respect him.
@tayfun6378 (4 years ago)
I smiled when I heard James' voice! love you man!
@RyanDewhurst (7 years ago)
Great presentation and information!
@saurav2281 (7 years ago)
Very well explained.
@smiley_1000 (3 years ago)
This all seems more like an issue with the browser being all too happy to share secrets between sites rather than an issue with the sites themselves.
@8ytan (1 year ago)
The browser by default does not allow cross-origin requests; these are all examples of sites specifically telling browsers that cross-origin requests should be allowed. The ability to permit certain cross-origin requests is incredibly useful and without it most services on the internet would break.
@tuandane82 (1 year ago)
@@8ytan Does the CORS exploit work against the Authorization header as well, or only pass the session cookie?
@8ytan (1 year ago)
@@tuandane82 In theory, if you're using an authorisation header containing an access token to authenticate, then misconfigured CORS isn't a huge concern, because attempts to exploit the weak CORS policy will lack a valid token and therefore fail. That said, it's still good practice to think about what origins, methods etc. will reasonably need to access your service and configure the CORS headers accordingly.
@shubham_srt (7 months ago)
@@tuandane82 As far as I know, yes, it works.
@pat049b (4 years ago)
Amazing work!
@shubham_srt (7 months ago)
What if cookies are set to Lax but Access-Control-Allow-Credentials is being sent as true? As Lax does not allow cookies to be set in XHR requests, how will the cookies be sent?
@somebody3014 (4 months ago)
Wondering about the same thing; did you find the answer?
@shubham_srt (4 months ago)
@@somebody3014 Hey man, Lax settings are prioritised. Even if one condition is false, the cookies are not sent. So, in my question, cookies will not be sent: even though Allow-Credentials is true, the cookies are Lax (one true condition and one false), so no cookies will be sent. Hope that clears the doubt.
@yoshi5113 (1 year ago)
My favorite hacker
@ar-uh1dj (4 years ago)
Amazing presentation. Thumbs up
@Shmancy_pants_69 (3 years ago)
Could someone please explain to me 'the null' in this context and what it means to not trust the null? Thank you.
@smiley_1000 (3 years ago)
Did you even watch the presentation?
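The mechanism discussed in the replies above (the browser blocks cross-origin reads until the server opts in, the opt-in is only dangerous when it is credentialed and reaches origins the site does not control, and the literal `null` origin asked about just above is one such origin), as an added example in Python that is not part of the video or of any comment. The API host, the allowlist and the probe origins are all constructed; the three handler functions stand in for whatever server code actually sets the CORS headers:

```python
"""CORS response-header policies side by side, with a self-audit function.

Added example, not code from the talk or from OWASP. The API host, the
allowlist and the probe origins are constructed for illustration only.
"""

# Constructed allowlist for a hypothetical API at api.example-exchange.test.
# Exact origins: scheme + host (+ port), never a bare domain or a pattern.
ALLOWED_ORIGINS = frozenset({
    "https://app.example-exchange.test",
    "https://admin.example-exchange.test",
})


def cors_reflective(origin):
    """Misconfiguration 1: echo any Origin the browser sent and allow
    credentials. Every site the victim visits can then read the victim's
    authenticated responses, because the browser attaches the session cookie."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def cors_substring_match(origin):
    """Misconfiguration 2: a loose string check. 'example-exchange.test' is
    also a substring of https://example-exchange.test.attacker.test, so a
    look-alike host an attacker controls is trusted as if it were ours."""
    if origin is not None and "example-exchange.test" in origin:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true"}
    return {}


def cors_allowlisted(origin):
    """The fix: exact match against a fixed allowlist. 'null' is never in the
    list, so sandboxed iframes and file:/data: pages (which all carry the
    'null' origin) are not trusted. Vary: Origin stops a shared cache from
    replaying one origin's header to a different origin."""
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}  # no CORS headers at all: the browser enforces same-origin


# Origins a browser could legitimately present that must NOT be trusted.
# All constructed; the look-alike is the classic substring-check bypass.
PROBE_ORIGINS = {
    "reflects-arbitrary-origin": "https://attacker.test",
    "trusts-null-origin": "null",
    "loose-match-bypass": "https://example-exchange.test.attacker.test",
}


def credentialed_for(headers, origin):
    """True if these response headers let `origin` read the response on a
    request that carries credentials. Browsers reject '*' combined with
    credentials, so that pairing is not counted as exposure."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    return creds and acao == origin and acao != "*"


def audit(handler):
    """Run each probe origin through a header-producing function and return
    the sorted names of the weaknesses it exhibits (empty list = passes)."""
    return sorted(name for name, origin in PROBE_ORIGINS.items()
                  if credentialed_for(handler(origin), origin))


if __name__ == "__main__":
    for handler in (cors_reflective, cors_substring_match, cors_allowlisted):
        print(f"{handler.__name__:22s} -> {audit(handler) or 'OK'}")
```

Running the file prints which probes each handler fails; `cors_allowlisted` is the only one that passes all three. `Access-Control-Allow-Credentials` only matters when the browser has ambient credentials to attach, which is the cookie case raised in the thread; a bearer token in an `Authorization` header is not added by the browser on its own, and a `SameSite=Lax` cookie is not attached to a cross-site XHR or fetch either.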
@hirapirika7456 (6 years ago)
WILL BITCOIN GET ATTACKED?? IN FUTURE OR EXPLOITS?
@nicoladellino8124 (5 years ago)
Nice video
@hackersguild8445 (5 years ago)
Great. :)
@syedumararfeen8146 (7 years ago)
Awesome
@jattboe8617 (4 years ago)
21:47
@pranjalruhela1103 (1 year ago)
Zomato didn't reply because they are an Indian company.
@shubham_srt (7 months ago)
They have always replied to me within hours! Surprised to see James getting ghosted, kinda weird, but it was 2017; maybe stuff was different back then.