This course aims to teach learners about the importance of path normalization in web security and how to identify vulnerabilities related to it. By the end of the course, students will be able to recognize path normalization issues, understand the risks associated with them, and exploit such vulnerabilities for various frameworks like Spring and Rails. The course covers topics such as URL path parameters, reverse proxies, ACL bypass, RCE, and code reuse bugs. The teaching method involves a combination of theoretical explanations, case studies, and practical demonstrations. This course is intended for individuals interested in web security, penetration testing, and ethical hacking.
Overview
Syllabus
Intro
Orange Tsai
Agenda
Polyglot URL path
Why path normalization
Can you spot the vulnerability?
Nginx off-by-slash fail
How to find this problem?
Spring Oday - CVE-2018-1271
Bonus on Spark framework
Rails Oday - CVE-2018-3760
For the RCE lover
URL path parameter
When reverse proxy meets...
How danger it could be?
Uber bounty case
Bynder RCE case study
Inconsistency to ACL bypass
Misa New Password
Misconfiguration to auth bypass
Log injection to RCE
Private bounty case
Amazon RCE case study
Path normalization bug leads to ACL bypass
Seam Feature
Code reuse bug leads to Expression Language injection
EL blacklist bypassed leads to Remote Code Execution
Mitigation
Summary
Taught by
Cooper
