Ebrahim Hegazy (@Zigoo0), Cyber Security Analyst @Q-CERT, Ehegazy@qcert.org
Yahoo Zero-Day Vulnerability - Code Point of View
12 April 2014
Not this type of bugs! Nor even this type of hunting!
1- Bug Bounty Programs
2- Remote Code Execution Vulnerability
3- Live Example – WebPwn3r
4- Demo Videos
Bug Bounty Programs
https://bugcrowd.com/list-of-bug-bounty-programs/
Remote Code Execution Vulnerability
Simply put, PHPCE occurs when user-supplied (GET/POST) parameter values are reflected inside the eval() function. The vulnerability allows attackers to execute PHP code such as {echo system("id")} or any other PHP function/code.
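The pattern described above next to a hardened counterpart, as an added example that is not from the original slides. The function names, the `page` parameter and the section list are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: all names here are hypothetical, not taken from the slides.

// Vulnerable pattern: the request value becomes part of the string that
// eval() compiles, so the value is parsed as PHP source, not as data.
function render_vulnerable(array $request): string
{
    $page = $request['page'] ?? 'home';
    ob_start();
    eval('echo "Section: ' . $page . '";');   // user input reaches eval()
    return ob_get_clean();
}

// Hardened pattern: no eval(). The value is only used as a key into a
// fixed allowlist, and the output is HTML-escaped before it is returned.
function render_hardened(array $request): string
{
    $sections = [
        'home'    => 'Home',
        'news'    => 'News',
        'contact' => 'Contact',
    ];
    $page = $request['page'] ?? 'home';
    if (!is_string($page) || !array_key_exists($page, $sections)) {
        http_response_code(400);              // no effect under the CLI
        return 'Unknown section';
    }
    return 'Section: ' . htmlspecialchars($sections[$page], ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: one ordinary value, and one harmless value that
// closes the string literal to show the input being evaluated as code.
$samples = ['news', '" . strtoupper("evaluated") . "'];
foreach ($samples as $value) {
    $req = ['page' => $value];
    printf(
        "%-34s vulnerable=[%s] hardened=[%s]\n",
        $value,
        render_vulnerable($req),
        render_hardened($req)
    );
}
```

The second sample makes the vulnerable function print `Section: EVALUATED`, which shows the value was compiled as PHP, while the hardened function rejects it as an unknown section.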