Dmitry Boomov - Hosting dashboard web application logic vulnerabilities
![Page 1: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/1.jpg)
Fast Track
Logic vulnerabilities in the web applications of hosting providers' control panels
![Page 2: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/2.jpg)
-18
![Page 3: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/3.jpg)
![Page 4: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/4.jpg)
![Page 5: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/5.jpg)
![Page 6: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/6.jpg)
![Page 7: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/7.jpg)
DNS server
![Page 8: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/8.jpg)
Bug or feature?
![Page 9: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/9.jpg)
Top 15 hosting providers on the Russian market
![Page 10: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/10.jpg)
There used to be nice tables here
But now they are gone
![Page 11: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/11.jpg)
Statistics nobody needs
![Page 12: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/12.jpg)
Vector #1
![Page 13: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/13.jpg)
Vector #2: TIC + PR
Contents of .htaccess:
![Page 14: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/14.jpg)
Vector #2: TIC + PR
![Page 15: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/15.jpg)
Vector #3: MITM
![Page 16: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/16.jpg)
The 1stat.ru service
![Page 17: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/17.jpg)
Reverse resolving
• Yougetsignal.com (Domain List or API)
• Bing.com (ip: 127.0.0.1)
• Other services and utilities
![Page 18: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/18.jpg)
Method of protection
![Page 19: Dmitry Boomov - Hosting dashboard web application logic vulnerabilities](https://reader033.vdocuments.us/reader033/viewer/2022061118/545ba021af7959795d8b6008/html5/thumbnails/19.jpg)
Thank you for your attention
@i_bo0om
Dmitry Bo0oM Boomov