Description
Most web applications allow file uploads and rely on precautions in the file upload section to keep harmful files out. One of these protection methods is a file hash control mechanism. In this presentation, however, you will see how hash manipulation can be used to add a file to the system and run code remotely, how a user can become an authorized user in the system, and how the privileges of the seized application user can be escalated on a popular application. You will see both a new method and a fresh 0-day as part of the presentation.
Presentation Details:
This presentation gives participants the chance to be a part of the presentation and discover a new vulnerability – live!
This talk will include:
1. What is Remote Code Execution?
2. File Upload Manipulations
3. Interface Demonstration of Openmediavault Application
4. Preparation of a deb file for Hash Manipulation
5. Injecting and executing the file by Manipulating the System
6. Remote access to the Web Application System
7. Getting root user privileges from the web application user