[Defcon Russia #29] Алексей Тюрин - Spring autobinding

•Download as PPTX, PDF•

0 likes•793 views

В Spring MVC есть классная фича — autobinding. Но если пользоваться ей неправильно, могут появиться «незаметные» уязвимости, иногда с серьёзным импактом. Рассмотрим пару примеров, углубимся в тонкости появления autobinding-багов. Writeup [ENG]: http://agrrrdog.blogspot.ru/2017/03/autobinding-vulns-and-spring-mvc.html

Internet

Spring MVC
and
Autobinding vulns
Digital Security
Alexey GreenDog Tyurin
@antyurin

Model
Defcon Russia (DCG #7812) 3
• Store info for the view
• Map
• “string”->object

Autobinding
Defcon Russia (DCG #7812) 4
Binding params to object fields
Converter

Autobinding vuln
Defcon Russia (DCG #7812) 5
https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf

Autobinding vuln
Defcon Russia (DCG #7812) 6
https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf

More magic with annotations
Defcon Russia (DCG #7812) 7
@ModelAttribute on a method argument
“An @ModelAttribute on a method argument indicates the argument
should be retrieved from the model “…
http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html

More magic with annotations
Defcon Russia (DCG #7812) 8
@ModelAttribute on a method
“An @ModelAttribute on a method indicates the purpose of that
method is to add one or more model attributes. @ModelAttribute
methods in a controller are invoked before @RequestMapping
methods”
http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc-
ann-modelattrib-method-args

More magic with annotations
Defcon Russia (DCG #7812) 9
@SessionAttribute for controller
“The type-level @SessionAttributes annotation declares session
attributes used by a specific handler. This will typically list the names of
model attributes or types of model attributes which should be
transparently stored in the session”

More magic with redirects
Defcon Russia (DCG #7812) 10
FlashAttribute
“Flash attributes provide a way for one request to store attributes
intended for use in another.”
http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html

More magic with annotations
Defcon Russia (DCG #7812) 11
@ModelAttribute on a method argument
“An @ModelAttribute on a method argument indicates the argument
should be retrieved from the model. If not present in the model, the
argument should be instantiated first and then added to the model.
Once present in the model, the argument's fields should be
populated from all request parameters that have matching names.”
– is a wrong/dangerous way to get value from the model.
Because: at first - retrieving , then autobinding.

Ex 2. The First School of Bulimia
Defcon Russia (DCG #7812) 12

Ex 2. The First School of Bulimia
Defcon Russia (DCG #7812) 13

Ex 2. The First School of Bulimia
Defcon Russia (DCG #7812) 14

Ex 2. The First School of Bulimia
Defcon Russia (DCG #7812) 15

Populating
Defcon Russia (DCG #7812) 16
Befor in Model:
“user” ={username = “Vasia”
pass = “P@ssw0rd”
weight= 100}
Autobinding:
After in Model:
“user” ={ username = “lalallalala”
pass = “P@ssw0rd”
weight= 100 }

Example 1. Justice League
Defcon Russia (DCG #7812) 17

Example 1. Justice League
Defcon Russia (DCG #7812) 18

Example 1. Justice League
Defcon Russia (DCG #7812) 19

Example 1. Justice League
Defcon Russia (DCG #7812) 20
• More magic? No @ModelAttribute
• Spring MVC is IoC and too smart?

Example 1. Justice League
Defcon Russia (DCG #7812) 21

Other real examples?
Defcon Russia (DCG #7812) 22
• Github
• Articles
• Nothing interesting?

Blackbox testing
Defcon Russia (DCG #7812) 23
• Errors
• Collect all parameter names
Use them for all entry points
Check difference
• Strange names or arrays, hashmaps

Q&A
Defcon Russia (DCG #7812) 24
https://twitter.com/antyurin
https://github.com/grrrdog

What's hot

Vhdl

Neeraj Gupta

Static Code Analysis for Projects, Built on Unreal Engine

Andrey Karpov

Digital system design practical file

Archita Misra

What has to be paid attention when reviewing code of the library you develop

Andrey Karpov

Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

Andrey Karpov

DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique

Chong-Kuan Chen

Using static code analysis tools and detecting and fixing identified issues is very important in order to improve the quality and security of the code baseline. CodeChecker (https://github.com/Ericsson/codechecker ) is an open source analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. It provides a number of additional features: - Good visualization of problems in the code - Overview of results for the whole product - Filtering - Cross translational unit analysis and statistical checkers support - Suppression handling - And many others... These features simplify the follow up of results and make it more efficient. In the video, an overview of features and capabilities of CodeChecker is demonstrated as well as a description and recommendation of how to introduce new tools. Recording of the demo: https://youtu.be/sQ2Qj0kHoRY published in C++ Dublin User group https://www.youtube.com/channel/UCZ4UNE_1IMUFfAhcdq7CMOg/ Useful links: open source project: https://github.com/Ericsson/codechecker http://codechecker-demo.eastus.cloudapp.azure.com/login.html# demo/demo https://codechecker.readthedocs.io/en/latest/ http://clang-analyzer.llvm.org/available_checks.html http://clang.llvm.org/extra/clang-tidy/checks/list.html Other related videos about Clang Static Analyzer and CodeChecker that goes a bit more deeply into how Clang Static Analyzer works: Clang Static Analysis - Meeting C++ 2016 Gabor Horvath https://www.youtube.com/watch?v=UcxF6CVueDM CppCon 2016: Gabor Horvath “Make Friends with the Clang Static Analysis Tools" https://www.youtube.com/watch?v=AQF6hjLKsnM

CodeChecker Overview Nov 2019

Olivera Milenkovic

Digital System Design Lab Report - VHDL ECE

Ramesh Naik Bhukya

Veriloggen.Stream: データフローからハードウェアを作る（2018年3月3日高位合成友の会第5回 @東京工業大学）

Shinya Takamaeda-Y

Dsd lab Practical File

Soumya Behera

PVS-Studio is ready to improve the code of Tizen operating system

Andrey Karpov

Crange is a tool to index and cross-reference C/C++ source code. It can be used to generate tags database that can help with: * Identifier definitions * Identifier declaraions * References * Expressions * Operators * Symbols * Source range The source metadata collected by Crange can help with building tools to provide cross-referencing, syntax highlighting, code folding and deep source code search.

Crange: Clang based tool to index and cross-reference C/C++ source code

Anurag Patel

Vhdl lab manual

Mukul Mohal

Programs of VHDL

Rkrishna Mishra

Performs code analysis in C, C++, C++/CLI, C++/CX, C#. Plugin for Visual Studio 2010-2015. Integration with SonarQube, QtCreator, CLion, Eclipse CDT, Anjuta DevStudio and so on. Standalone utility. Direct integration of the analyzer into the systems of build automation and the BlameNotifier utility (e-mail notification). Automatic analysis of modified files. Great scalability. Why do people need code analyzers?

PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017

Andrey Karpov

DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford

03 vhdl

pikkuo

GCC

Kir Chou

Online Approximate OLAP in SparkSQL

DataWorks Summit

PKCS11

Byeong Yeong Jeong

What's hot (20)

Vhdl

Static Code Analysis for Projects, Built on Unreal Engine

Digital system design practical file

What has to be paid attention when reviewing code of the library you develop

Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems

DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique

CodeChecker Overview Nov 2019

Digital System Design Lab Report - VHDL ECE

Veriloggen.Stream: データフローからハードウェアを作る（2018年3月3日高位合成友の会第5回 @東京工業大学）

Dsd lab Practical File

PVS-Studio is ready to improve the code of Tizen operating system

Crange: Clang based tool to index and cross-reference C/C++ source code

Vhdl lab manual

Programs of VHDL

PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017

DevDay: Managing Private Algorithms in SGX Enclaves, University of Oxford

03 vhdl

GCC

Online Approximate OLAP in SparkSQL

PKCS11

Viewers also liked

Intel Boot Guard — аппаратно поддержанная технология верификации подлинности BIOS, которую вендор компьютерной системы может встроить на этапе производства. Докладчик представит результаты анализа технологии, расскажет об её эволюции. Слушатели узнают, как годами клонируемая ошибка на производстве нескольких вендоров позволяет потенциальному злоумышленнику воспользоваться этой технологией для создания в системе неудаляемого (даже программатором!) скрытого руткита. Github: https://github.com/flothrone/bootguard

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

DefconRussia

Руткиты в мире основанных на ядре Linux операционных систем уже не являются редкостью. Рассказ будет о том, как попытки в современных реалиях определить то, скомпрометирована ли система, привели к неожиданному результату.

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

DefconRussia

Георгий Зайцев - Reversing golang

DefconRussia

Cisco network equipment has always been an attractive attack target due to its prevalence and the key role that it plays in network structure and security. This equipment is based on a wide variety of OS (firmware) architectures, types, and versions, so it is much harder to develop a universal shellcode. Publicly available Cisco IOS shellcodes are tailored to specific equipment, have narrow functionality, and are not exactly useful for penetration testing. This talk is the presentation of a research initiated by our research center to create a shellcode which is as easily portable between different IOS firmwares as possible and which provides a lot of pentesting features because it can dynamically change the shellcode destination at the stage of post-exploitation. We will also consider the possibility of creating a worm which could spread across the infrastructure, from firewall to router, from router to switch, etc.

Cisco IOS shellcode: All-in-one

DefconRussia

Мы поговорим об общей проблеме валидации входных данных и качестве их обработки. Интерпретация входящих данных оказывает прямое влияние на решения, принимаемые в физической инфраструктуре: если какая-либо часть данных обрабатывается недостаточно аккуратно, это может повлиять на эффективность и безопасность процесса. В этой беседе мы обсудим атаки на процесс обработки данных и природу концепции «never trust your inputs» в контексте информационно-физических систем (в общем смысле, то есть любых подобных систем). Для иллюстрации проблемы мы используем уязвимости аналого-цифровых преобразователей (АЦП), которые можно заставить выдавать поддельный цифровой сигнал с помощью изменения частоты и фазы входящего аналогового сигнала: ошибка масштабирования такого сигнала может вызывать целочисленное переполнение и дает возможность эксплуатировать уязвимости в логике PLC/встроенного ПО. Также мы покажем реальные примеры использования подобных уязвимостей и последствия этих нападений.

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

DefconRussia

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

DefconRussia

static - defcon russia 20

DefconRussia

Advanced cfg bypass on adobe flash player 18 defcon russia 23

DefconRussia

Attacks on tacacs - Алексей Тюрин

DefconRussia

Nedospasov defcon russia 23

DefconRussia

Miasm defcon russia 23

DefconRussia

Расскажу где и как iCloud Keychain хранит пароли, и какие потенциальные риски это несёт. Apple утверждает, что пароли надежно защищены, и даже её сотрудники не могут получить к ним доступ. Чтобы это подтвердить или опровергнуть, необходимо разобраться с внутренним устройством iCloud Keychain, чем мы и займемся.

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

DefconRussia

Vm ware fuzzing - defcon russia 20

DefconRussia

Zn task - defcon russia 20

DefconRussia

HTTP HOST header attacks

DefconRussia

Managing Indicator Deprecation in ThreatConnect

ThreatConnect

Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel itself, Cilium security policies can be applied and updated without any changes to the application code or container configuration.

Linux Native, HTTP Aware Network Security

Thomas Graf

As organizations assess the security of their information systems, the need for automation has become more and more apparent. Not only are organizations attempting to automate their assessments, the need is becoming more pressing to perform assessments centrally against large numbers of enterprise systems. Penetration testers can use this automation to make their post-exploitation efforts more thorough, repeatable, and efficient. Defenders need to understand the techniques attackers are using once an initial compromise has occurred so they can build defenses to stop the attacks. Microsoft's PowerShell scripting language has become the defacto standard for many organizations looking to perform this level of distributed automation. In this presentation James Tarala, of Enclave Security, will describe to students the enterprise capabilities PowerShell offers and show practical examples of how PowerShell can be used to perform large scale penetration tests of Microsoft Windows systems.

Automating Post Exploitation with PowerShell

EnclaveSecurity

Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000

CTruncer

This presentation will explore some of the teachings from the young field of behavioral game theory, which empirically measures how humans behave in games, as an improvement upon prior discussions involving traditional Game Theory models in which humans are considered perfectly rational. I will use behavioral game theory to examine how people’s natural cognitive biases lead to sub-optimal behavior in their decision-making processes in adversarial games – and specifically processes related to playing defense in the information security “game.” I will detail various sorts of games in which this sub-optimal performance manifests, how humans cognitively approach these games and touch on some of the algorithms, such as self-tuning EWAs, that help predict how people will behave in certain defender-attacker-defender (DAD) games. Finally, I will explore what sort of strategies and counter-measures can be implemented to improve defense’s performance in DAD games, incorporating techniques such as belief prompting, improved incorporation of information and decision trees.

Volatile Memory: Behavioral Game Theory in Defensive Security

Kelly Shortridge

Viewers also liked (20)

[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Gua...

[Defcon Russia #29] Михаил Клементьев - Обнаружение руткитов в GNU/Linux

Георгий Зайцев - Reversing golang

Cisco IOS shellcode: All-in-one

[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC

Олег Купреев - Обзор и демонстрация нюансов и трюков из области беспроводных ...

static - defcon russia 20

Advanced cfg bypass on adobe flash player 18 defcon russia 23

Attacks on tacacs - Алексей Тюрин

Nedospasov defcon russia 23

Miasm defcon russia 23

Andrey Belenko, Alexey Troshichev - Внутреннее устройство и безопасность iClo...

Vm ware fuzzing - defcon russia 20

Zn task - defcon russia 20

HTTP HOST header attacks

Managing Indicator Deprecation in ThreatConnect

Linux Native, HTTP Aware Network Security

Automating Post Exploitation with PowerShell

Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000

Volatile Memory: Behavioral Game Theory in Defensive Security

Similar to [Defcon Russia #29] Алексей Тюрин - Spring autobinding

Static Analysis in IDEA

HamletDRC

GraphQL is query language for APIs, but what are the advantages and how would one implement such in their microservices/APIs. In this session, I will go through the basics of GraphQL, different aspects of GraphQL and architecture of such APIs. There will be a demo/live-coding on, how 4 different ways we can implement GraphQL for a Springboot microservice/API. Lots of examples, live coding and helpful comparison on structure, usage and implementations of GraphQL in Springboot & Java world.

GraphQL-ify your APIs

Soham Dasgupta

GraphQL-ify your API - JFall 2022

Soham Dasgupta

cs320_final_project_codemedicalApplication.classpathcs320_.docx

mydrynan

7.4. Show impact [bug bounties]

defconmoscow

Basics of AngularJS

Filip Janevski

GraphQL_devoxx_2023.pptx

Soham Dasgupta

Gradle is easy to use for building standard Java projects, but it’s rare to find a project that is completely standard. Whenever you have some custom requirement, you need to start using Gradle’s power features. It’s at that point that you can find yourself producing an unmaintainable mess and a hard-to-use build. This talk will start by explaining Gradle’s model, which you need to understand if you want to retain control over your builds. I will then introduce you to some simple but effective guidelines that will ensure that your builds stay clean and effective.

Improving your Gradle builds

World of CSS Grid

Spring Web MVC

React

Ada Sharoni (Software Engineering Architect) @ Hunters: Imagine you had to manage thousands of Spark applications that are automatically spinning up on-demand upon every customer interaction. Our unique constraints in Hunters have led us to adopt an architecture and concepts that we believe many other companies will find useful. In this lecture we will share our solutions and insights in running many lightweight, cheap Spark applications on Kubernetes, that can easily survive frequent restarts and smartly share resources on Spot EC2 instances.

Lessons Learnt from Running Thousands of On-demand Spark Applications

Itai Yaffe

Using the Tooling API to Generate Apex SOAP Web Service Clients

Salesforce Developers

Droidcon Berlin Barcamp 2016

Przemek Jakubczyk

Cleaning your architecture with android architecture components

Debora Gomez Bertoli

You might’ve heard of Angular Schematics, but do you know what they do? Learn how you can use this powerful tool to develop workflows and simplify configurations for your Angular projects. In this session, you'll learn how to create a schematic, how to test it, and how you can use them with non-Angular projects. * YouTube video: https://youtu.be/bLLJqagO_dg * Blog post: https://developer.okta.com/blog/2019/02/13/angular-schematics * GitHub repo: https://github.com/oktadeveloper/schematics

A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019

Matt Raible

GumGum relies heavily on Cassandra for storing different kinds of metadata. Currently GumGum reaches 1 billion unique visitors per month using 3 Cassandra datacenters in Amazon Web Services spread across the globe. This presentation will detail how we scaled out from one local Cassandra datacenter to a multi-datacenter Cassandra cluster and all the problems we encountered and choices we made while implementing it. How did we architect multi-region Cassandra in AWS? What were our experiences in implementing multi-datacenter Cassandra? How did we achieve low latency with multi-region Cassandra and the Datastax Driver? What are the different Cassandra use cases at GumGum? How did we integrate our Cassandra with Spark?

GumGum: Multi-Region Cassandra in AWS

DataStax Academy

Sql exception and class notfoundexception

Rohit Singh

Java Web Programming [5/9] : EL, JSTL and Custom Tags

IMC Institute

Reversing JavaScript

Roberto Suggi Liverani

Similar to [Defcon Russia #29] Алексей Тюрин - Spring autobinding (20)

Static Analysis in IDEA

GraphQL-ify your APIs

GraphQL-ify your API - JFall 2022

cs320_final_project_codemedicalApplication.classpathcs320_.docx

7.4. Show impact [bug bounties]

Basics of AngularJS

GraphQL_devoxx_2023.pptx

Improving your Gradle builds

World of CSS Grid

Spring Web MVC

React

Lessons Learnt from Running Thousands of On-demand Spark Applications

Using the Tooling API to Generate Apex SOAP Web Service Clients

Droidcon Berlin Barcamp 2016

Cleaning your architecture with android architecture components

A Gentle Introduction to Angular Schematics - Devoxx Belgium 2019

GumGum: Multi-Region Cassandra in AWS

Sql exception and class notfoundexception

Java Web Programming [5/9] : EL, JSTL and Custom Tags

Reversing JavaScript

More from DefconRussia

Все шире и шире получают распространение bugbounty программы - программы вознаграждения за уязвимости различных вендоров. И порой при поиске уязвимостей находятся места, которые явно небезопасны (например - self XSS), но доказать от них угрозу сложно. Но чем крупнее (хотя, скорее адекватнее) вендор, тем они охотнее обсуждают и просят показать угрозу от сообщенной уязвимости, и при успехе – вознаграждают 8). Мой доклад – подборка таких сложных ситуаций и рассказ, как же можно доказать угрозу.

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

DefconRussia

Мои последние исселодования показали, что у SharePoint есть определенное количество вэб сервисов, которые могут помочь аудитору собрать крайне полезную информацию с сайта (списки пользователей, групп, ролей и т д). Также данные сервисы, в комбинации с хранимыми XSS, могут быть использованы для вертикального повышения привилегий или предоставить информацию для компрометации доменных записей AD.

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

DefconRussia

Кратко расскажу о концепции изолированных сетей и возможных путях их компрометации. Сделаю обзор аппаратной закладки pwnie express- для чего создавалось, какие возможности использования. Расскажу о том как pwnie express применялась в реальном проекте, какие были трудности и что из этого вышло.

Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...

DefconRussia

Alexey Sintsov- SDLC - try me to implement

DefconRussia

Anton Alexanenkov - Tor and Botnet C&C

DefconRussia

Tyurin Alexey - NTLM. Part 1. Pass-the-Hash

DefconRussia

Roman Korkikyan - Timing analysis workshop Part 2 Scary

DefconRussia

Roman Korkikyan - Timing analysis workshop Part 2 Practice

DefconRussia

Roman Korkikyan - Timing analysis workshop Part 1 Theory

DefconRussia

Peter Hlavaty - DBIFuzz

DefconRussia

Vadim Bardakov - AVR & MSP exploitation

DefconRussia

Tomas Hlavacek - IP fragmentation attack on DNS

DefconRussia

More from DefconRussia (12)

Sergey Belov - Покажите нам Impact! Доказываем угрозу в сложных условиях

George Lagoda - Альтернативное использование вэб сервисов SharePoint со сторо...

Taras Tatarinov - Применение аппаратных закладок pwnie express на примере реа...

Alexey Sintsov- SDLC - try me to implement

Anton Alexanenkov - Tor and Botnet C&C

Tyurin Alexey - NTLM. Part 1. Pass-the-Hash

Roman Korkikyan - Timing analysis workshop Part 2 Scary

Roman Korkikyan - Timing analysis workshop Part 2 Practice

Roman Korkikyan - Timing analysis workshop Part 1 Theory

Peter Hlavaty - DBIFuzz

Vadim Bardakov - AVR & MSP exploitation

Tomas Hlavacek - IP fragmentation attack on DNS

Recently uploaded

APNIC Updates presented by Paul Wilson at ARIN 53

APNIC

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查【Q/微信741003700】原版仿制全套留学文凭材料（毕业证/成绩单（GPA成绩修改）/文凭学历证书/在读证明、毕业完成信、Offer录取通知书)；（真实可查）教育部学历认证、留信网认证、文凭认证、diploma、certificate、Degree、Transcript（实体公司，专业可靠）。 1:1完美还原海外各大学证书上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700。留学生归国服务中心面向美国英国澳洲加拿大留学生提供以下服务: 一、办理毕业证成绩单（学校原版1：1高仿真制作）二、留信认证（留学回国人员学历认证，网上存档可查，查到后付款）三、教育部学历认证（中国教育部留服中心存档可查,查到后付款）办理流程 1、收集客户办理信息； 2、客户付定金下单、公司确认到账转制作点做电子版； 3、电子版做好发给客户确认、电子版确认好转成品部做成品； 4、成品做好拍照或者视频确认再付余款； 5、快递给客户（国内顺丰，国外DHL）。本公司诚聘美国、加拿大、英国、新西兰、澳洲、法国、德国、新加坡各地代理人员，如果你有业余时间有兴趣就请联系我们校园代理，报酬丰厚。真诚期待您的加盟。请联系本公司学历认证顾问(QQ：741003700 微信：741003700)欢迎咨询！最专业的学历顾问，最有经验的顶尖OP为广大留学生的归国之路保卫护航！

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查

ydyuyu

Meaning of On page SEO & its process in detail.

krishnachandrapal52

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf

Matthew Sinclair

学校颁发一模一样【微信：95270640 】【(Flinders毕业证书)弗林德斯大学毕业证成绩单】【微信：95270640 】学位证，留信认证（真实可查，永久存档）原件一模一样/offer、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问微信：95270640 【主营项目】一.毕业证【微信：95270640】成绩单、使馆认证、教育部认证、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微信：95270640】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才办理Flinders毕业证书)弗林德斯大学【微信：95270640】外观非常简单，由纸质材料制成，上面印有校徽、校名、毕业生姓名、专业等信息。办理Flinders毕业证书)弗林德斯大学【微信：95270640】格式相对统一，各专业都有相应的模板。通常包括以下部分：校徽：象征着学校的荣誉和传承。校名:学校英文全称授予学位：本部分将注明获得的具体学位名称。毕业生姓名：这是最重要的信息之一，标志着该证书是由特定人员获得的。颁发日期：这是毕业正式生效的时间，也代表着毕业生学业的结束。其他信息：根据不同的专业和学位，可能会有一些特定的信息或章节。办理Flinders毕业证书)弗林德斯大学毕业证价值很高，需要妥善保管。一般来说，应放置在安全、干燥、防潮的地方，避免长时间暴露在阳光下。如需使用，最好使用复印件而不是原件，以免丢失。综上所述，办理Flinders毕业证书)弗林德斯大学毕业证是证明身份和学历的高价值文件。外观简单庄重，格式统一，包括重要的个人信息和发布日期。对持有人来说，妥善保管是非常重要的。

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样

ayvbos

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf

Matthew Sinclair

"Boost Your Digital Presence: Partner with a Leading SEO Agency"

growthgrids

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts. A nutshell review for Hot Call girls in Abu Dhabi. My experience was superb with them this is the only recommended Call girls service in Abu Dhabi with verified Call girls. I am using their services from past 6 months they never ever disappointed me in any way. Let's just say if i asked them to provide me russian Call girls they fulfilled my request or even pakistani Call girls or indian Call girls in Abu Dhabi. They have their owen drivers who brings the Call girls in less time in any area of Abu Dhabi like as well. I'm writing here everything after experience their services in all conditions. So hopefully they will keeps working in the same way and makes more consumers like me. These guys are the best example of work with perfection. Pleased with Abu Dhabi Call girls and highly suggested to every one. Call girls whatsapp numbers in abu dhabi. Rent a girlfriend abu dhabi, stylish call girls abu dhabi any more than she had to. In a way, I guess I was the reason for her being like, Indian call girls abu dhabi, Indian call girl abu dhabi, indian call girls in abu dhabi, indian call girl agency abu dhabi, Pakistan call girls in abu dhabi, Pakistani call girl in abu dhabi, russian call girls in abu dhabi, russian call girl service in abu dhabi, indian call girls numbers abu dhabi, pakistani call girls number abu dhabi, teen call girls in abu dhabi, outcall call girls in abu dhabi Al Zahiyah Abu Dhabi Call Girls, Al Wahda Abu Dhabi Call Girls, Al Khalidiya Abu Dhabi Call Girls, Khalifa City Abu Dhabi Call Girls, Al Reem island Call Girls, Yas Island Call girls, Al lulu Island Call Girls, Nurai Island Call girls, Saadiyat Island Call Girls, Tourist Club Area Call Girls, Al Baraha Call Girls, Al Bateen Call Girls, Al Danah Call Girls, Al Dhafrah Call Girls, Al Falah City Call Girls, Al Ghadeer Call Girls she was, at least partially, and that made me feel even more responsible to help fix it. But I'd be lying if I didn't admit more sordid, and much more interesting, thoughts crept up right alongside that responsibility.

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts

Monica Sydney

Microsoft Azure Arc Customer Deck Microsoft

AanSulistiyo

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

Matthew Sinclair

best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...

kajalverma014

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil

meghakumariji156

Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts. A nutshell review for Hot Call girls in Abu Dhabi. My experience was superb with them this is the only recommended Call girls service in Abu Dhabi with verified Call girls. I am using their services from past 6 months they never ever disappointed me in any way. Let's just say if i asked them to provide me russian Call girls they fulfilled my request or even pakistani Call girls or indian Call girls in Abu Dhabi. They have their owen drivers who brings the Call girls in less time in any area of Abu Dhabi like as well. I'm writing here everything after experience their services in all conditions. So hopefully they will keeps working in the same way and makes more consumers like me. These guys are the best example of work with perfection. Pleased with Abu Dhabi Call girls and highly suggested to every one. Call girls whatsapp numbers in abu dhabi. Rent a girlfriend abu dhabi, stylish call girls abu dhabi any more than she had to. In a way, I guess I was the reason for her being like, Indian call girls abu dhabi, Indian call girl abu dhabi, indian call girls in abu dhabi, indian call girl agency abu dhabi, Pakistan call girls in abu dhabi, Pakistani call girl in abu dhabi, russian call girls in abu dhabi, russian call girl service in abu dhabi, indian call girls numbers abu dhabi, pakistani call girls number abu dhabi, teen call girls in abu dhabi, outcall call girls in abu dhabi Al Zahiyah Abu Dhabi Call Girls, Al Wahda Abu Dhabi Call Girls, Al Khalidiya Abu Dhabi Call Girls, Khalifa City Abu Dhabi Call Girls, Al Reem island Call Girls, Yas Island Call girls, Al lulu Island Call Girls, Nurai Island Call girls, Saadiyat Island Call Girls, Tourist Club Area Call Girls, Al Baraha Call Girls, Al Bateen Call Girls, Al Danah Call Girls, Al Dhafrah Call Girls, Al Falah City Call Girls, Al Ghadeer Call Girls she was, at least partially, and that made me feel even more responsible to help fix it. But I'd be lying if I didn't admit more sordid, and much more interesting, thoughts crept up right alongside that responsibility.

Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts

Monica Sydney

原版制作美国爱荷华大学毕业证（iowa毕业证书）学位证网上存档可查【Q/微信741003700】原版仿制全套留学文凭材料（毕业证/成绩单（GPA成绩修改）/文凭学历证书/在读证明、毕业完成信、Offer录取通知书)；（真实可查）教育部学历认证、留信网认证、文凭认证、diploma、certificate、Degree、Transcript（实体公司，专业可靠）。 1:1完美还原海外各大学证书上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700。留学生归国服务中心面向美国英国澳洲加拿大留学生提供以下服务: 一、办理毕业证成绩单（学校原版1：1高仿真制作）二、留信认证（留学回国人员学历认证，网上存档可查，查到后付款）三、教育部学历认证（中国教育部留服中心存档可查,查到后付款）办理流程 1、收集客户办理信息； 2、客户付定金下单、公司确认到账转制作点做电子版； 3、电子版做好发给客户确认、电子版确认好转成品部做成品； 4、成品做好拍照或者视频确认再付余款； 5、快递给客户（国内顺丰，国外DHL）。本公司诚聘美国、加拿大、英国、新西兰、澳洲、法国、德国、新加坡各地代理人员，如果你有业余时间有兴趣就请联系我们校园代理，报酬丰厚。真诚期待您的加盟。请联系本公司学历认证顾问(QQ：741003700 微信：741003700)欢迎咨询！最专业的学历顾问，最有经验的顶尖OP为广大留学生的归国之路保卫护航！

原版制作美国爱荷华大学毕业证（iowa毕业证书）学位证网上存档可查

ydyuyu

Real Men Wear Diapers T Shirts sweatshirt

rahman018755

75539-Cyber Security Challenges PPT.pptx

Asmae Rabhi

Power point inglese - educazione civica di Nuria Iuzzolino

nuriaiuzzolino1

Best SEO Services Company in Dallas | Best SEO Agency Dallas

Digicorns Technologies

学校颁发一模一样【微信：95270640 】【(Curtin毕业证书)科廷大学毕业证成绩单】【微信：95270640 】学位证，留信认证（真实可查，永久存档）原件一模一样/offer、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原。 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问微信：95270640 【主营项目】一.毕业证【微信：95270640】成绩单、使馆认证、教育部认证、学生卡等！二.真实使馆公证(即留学回国人员证明,不成功不收费) 三.真实教育部学历学位认证（教育部存档！教育部留服网站永久可查）四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度) 如果您处于以下几种情况： ◇在校期间，因各种原因未能顺利毕业……拿不到官方毕业证【微信：95270640】 ◇面对父母的压力，希望尽快拿到； ◇不清楚认证流程以及材料该如何准备； ◇回国时间很长，忘记办理； ◇回国马上就要找工作，办给用人单位看； ◇企事业单位必须要求办理的 ◇需要报考公务员、购买免税车、落转户口 ◇申请留学生创业基金留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才办理Curtin毕业证书)科廷大学【微信：95270640】外观非常简单，由纸质材料制成，上面印有校徽、校名、毕业生姓名、专业等信息。办理Curtin毕业证书)科廷大学【微信：95270640】格式相对统一，各专业都有相应的模板。通常包括以下部分：校徽：象征着学校的荣誉和传承。校名:学校英文全称授予学位：本部分将注明获得的具体学位名称。毕业生姓名：这是最重要的信息之一，标志着该证书是由特定人员获得的。颁发日期：这是毕业正式生效的时间，也代表着毕业生学业的结束。其他信息：根据不同的专业和学位，可能会有一些特定的信息或章节。办理Curtin毕业证书)科廷大学毕业证价值很高，需要妥善保管。一般来说，应放置在安全、干燥、防潮的地方，避免长时间暴露在阳光下。如需使用，最好使用复印件而不是原件，以免丢失。综上所述，办理Curtin毕业证书)科廷大学毕业证是证明身份和学历的高价值文件。外观简单庄重，格式统一，包括重要的个人信息和发布日期。对持有人来说，妥善保管是非常重要的。

一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样

ayvbos

20240508 QFM014 Elixir Reading List April 2024.pdf

Matthew Sinclair

Recently uploaded (20)

APNIC Updates presented by Paul Wilson at ARIN 53

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查

Meaning of On page SEO & its process in detail.

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样

20240507 QFM013 Machine Intelligence Reading List April 2024.pdf

"Boost Your Digital Presence: Partner with a Leading SEO Agency"

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts

Microsoft Azure Arc Customer Deck Microsoft

20240509 QFM015 Engineering Leadership Reading List April 2024.pdf

best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...

Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil

Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts

原版制作美国爱荷华大学毕业证（iowa毕业证书）学位证网上存档可查

Real Men Wear Diapers T Shirts sweatshirt

75539-Cyber Security Challenges PPT.pptx

Power point inglese - educazione civica di Nuria Iuzzolino

Best SEO Services Company in Dallas | Best SEO Agency Dallas

一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样

20240508 QFM014 Elixir Reading List April 2024.pdf

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

1. Spring MVC and Autobinding vulns Digital Security Alexey GreenDog Tyurin @antyurin

2. Spring MVC Defcon Russia (DCG #7812) 2

3. Model Defcon Russia (DCG #7812) 3 • Store info for the view • Map • “string”->object

4. Autobinding Defcon Russia (DCG #7812) 4 Binding params to object fields Converter

5. Autobinding vuln Defcon Russia (DCG #7812) 5 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf

6. Autobinding vuln Defcon Russia (DCG #7812) 6 https://o2platform.files.wordpress.com/2011/07/ounce_springframework_vulnerabilities.pdf

7. More magic with annotations Defcon Russia (DCG #7812) 7 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model “… http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html

8. More magic with annotations Defcon Russia (DCG #7812) 8 @ModelAttribute on a method “An @ModelAttribute on a method indicates the purpose of that method is to add one or more model attributes. @ModelAttribute methods in a controller are invoked before @RequestMapping methods” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc- ann-modelattrib-method-args

9. More magic with annotations Defcon Russia (DCG #7812) 9 @SessionAttribute for controller “The type-level @SessionAttributes annotation declares session attributes used by a specific handler. This will typically list the names of model attributes or types of model attributes which should be transparently stored in the session”

10. More magic with redirects Defcon Russia (DCG #7812) 10 FlashAttribute “Flash attributes provide a way for one request to store attributes intended for use in another.” http://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/mvc.html

11. More magic with annotations Defcon Russia (DCG #7812) 11 @ModelAttribute on a method argument “An @ModelAttribute on a method argument indicates the argument should be retrieved from the model. If not present in the model, the argument should be instantiated first and then added to the model. Once present in the model, the argument's fields should be populated from all request parameters that have matching names.” – is a wrong/dangerous way to get value from the model. Because: at first - retrieving , then autobinding.

12. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 12

13. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 13

14. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 14

15. Ex 2. The First School of Bulimia Defcon Russia (DCG #7812) 15

16. Populating Defcon Russia (DCG #7812) 16 Befor in Model: “user” ={username = “Vasia” pass = “P@ssw0rd” weight= 100} Autobinding: After in Model: “user” ={ username = “lalallalala” pass = “P@ssw0rd” weight= 100 }

17. Example 1. Justice League Defcon Russia (DCG #7812) 17

18. Example 1. Justice League Defcon Russia (DCG #7812) 18

19. Example 1. Justice League Defcon Russia (DCG #7812) 19

20. Example 1. Justice League Defcon Russia (DCG #7812) 20 • More magic? No @ModelAttribute • Spring MVC is IoC and too smart?

21. Example 1. Justice League Defcon Russia (DCG #7812) 21

22. Other real examples? Defcon Russia (DCG #7812) 22 • Github • Articles • Nothing interesting?

23. Blackbox testing Defcon Russia (DCG #7812) 23 • Errors • Collect all parameter names Use them for all entry points Check difference • Strange names or arrays, hashmaps

24. Q&A Defcon Russia (DCG #7812) 24 https://twitter.com/antyurin https://github.com/grrrdog

[Defcon Russia #29] Алексей Тюрин - Spring autobinding

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to [Defcon Russia #29] Алексей Тюрин - Spring autobinding

Similar to [Defcon Russia #29] Алексей Тюрин - Spring autobinding (20)

More from DefconRussia

More from DefconRussia (12)

Recently uploaded

Recently uploaded (20)

[Defcon Russia #29] Алексей Тюрин - Spring autobinding