Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking

Date: 15.01.2020. Author: CISOCLUB. Categories: Information security podcasts and videos

When caching servers and load balancers became an integral part of the Internet’s infrastructure, vendors introduced what is called "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.

By Louis Dion-Marcil

Full abstract and materials: https://www.blackhat.com/us-18/briefings/schedule/#edge-side-include-injection-abusing-caching-servers-into-ssrf-and-transparent-session-hijacking-11504
