Description

In most web applications, the file upload section takes precautions against the upload of harmful files. One of these protection methods is a file hash control mechanism. In this presentation, however, you will see how a file can be added to the system and its code run remotely through hash manipulation, how a user can become an authorized user in the system, and how the privileges of the seized application user can be increased on a popular application. You will see both a new method and a fresh 0Day as part of the presentation.

Presentation Details:
This presentation gives participants the chance to be a part of the presentation and discover a new vulnerability – live! 
 
This talk will include:
 
1. What is Remote Code Execution?
2. File Upload Manipulations
3. Interface Demonstration of Openmediavault Application
4. Preparation of a deb file for Hash Manipulation
5. Injecting and executing the file by Manipulating the System
6. Remote access to the Web Application System
7. Getting root user privileges from the web application user

About the speaker

Mehmet Onder Key is a vulnerability researcher and penetration tester who currently works at Turkish Aerospace Industries (TAI) in Turkey.
While continuing to work on the red team, he also works on the blue team and uses the information he acquired there to develop bypass methods. His purpose is to provide added value to the world of cyber security through the trainings he has been given and the research he has been conducting.

Mehmet Onder publishes the security vulnerabilities he discovers on international platforms. In addition, he informs the community of zero-day vulnerabilities he finds in corporate systems on the basis of confidentiality.