Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (9)
Similar a The Security Risks of Web 2.0 - DEF CON 17
Similar a The Security Risks of Web 2.0 - DEF CON 17 (20)
Más de Security Ninja
Más de Security Ninja (10)
Último
Último (20)
The Security Risks of Web 2.0 - DEF CON 17
- 1. !" # $
- 2. ! "
- 3. ! #$ %& #' ' &# ' # ( '! ) * + * , - " + " , . & " '' - " /( " 0 " + / 1 # / ,
- 4. " 2 3% & ' & & ' $ ( 3 !& ) & ) '& ' 3* & + & ," -&. & " 4 3 %' // '& ' 30 ) 1 & 2 3 30 ) / & 3
- 5. 5 " " # " " / 46 "" / " " 7 .2$ 8 9
- 7. $ % & %'( " # !"#$ %
- 8. % ) & %*( '( + & %*( & %'( 0 : $ / / & 6 / " ; / 6< / ! =># ! &# ! & ? @# ? .)# . &# $< # @=># ! &# ! & 8 & & " - # " " & &
- 9. + & %'(, % " / $ 0 / A> ' * 0 ' > / ' / '
- 11. & %'( , % . " " 4 3@ 30 ' * 3= " / !
- 12. + - ) B) ' BC @ "" "" / /
- 13. + - ) 8& 5$ 7 ' " " / 4D "E + ,D: "E & 5 7 " + / , " / 4D "E FG "4:: % " : /8 : / BGH D: "E -.= 6 " / -.=# 4 "4:: % " : " "B FD " EIII " 4D "E " F ;$> %. +J FJ,HKL + ;$> /+" # ;$> / ,,L D: "E
- 14. + - B - -.= "" ; " " " / /@ + ? .)# @=> ,
- 15. + - - -.= ? @ $' "" * " -.= ' + , / 4 D "E + ,D: "E * -.= = " ? .) -.= * " +,
- 16. + - +, M "L + @=>! "$ ,M "F @=>! "$ +,L N + @. * , M "F @. * +J= % @=>! &J,L +O ", M "F @. * +J= @=>! &J,L N N " " +J(< J# 7 " % " "B F "4:: 8 % " J# ,L " / F +, M + " FF P, M " F " " % L :: + ,N N " + ,L N
- 17. + . / + / ) B) ' BC $0 // 8 2 " 8 "" # 2 " @ OF $0 @ # " % 2 # $0# % /
- 18. + . / + / &. "4:: * : / ! &: ! & F * Q" F) * Q F
- 19. + . / + / (< "4:: * :" B * F/ * Q F ! &: ! & '-F RPK9STU
- 20. + . / + / D'=( $ F5 "4:: * :" B * F * 7 :E! &: ! & '-F RPK9STU
- 21. + . / + / B @=> ? .) " . / & G "
- 22. + . / + / (= '> / " $0 - V / - 1 D'=( $ I D'0$ =< $ I %" D / FJ " 4:: / / : :;" & F Q F Q/ " F. & Q. & F& .$- Q& F RQ& / F RQ"FQ F JE D FJ " 4:: / / : :;" & F Q F Q/ " F. & Q. & F& .$- Q& F RQ& / F RQ"FQ F JE
- 23. + . / + / ( / $0 ? .) ) @=>! "$ +@!$, " ? .) 2 / B ? .) O
- 24. + . / + / ( / $0 ? .) D " " FJ % :* " JE / / + ,M # L + F L D 6 / L HH, M HF JD EJ H 6 WX< H JD: EJL N +JD EJ H H JD: EJ,L N D: "E D " " FJ % :* "J FJ "4:: / / : : B F* Q F >>Q" F Q F/ / Q %FUUUUUJE D: "E !
- 25. 01 2 ) B) ' BC A> * J * J A> " ""
- 26. 01 2 F +J J, F J <>< Y 0$.= !<$< F GJ H ) H JGLJ ' 2 Z 2FZ J <>< Y 0$.= !<$< F Z 2 .$ Z 2FZ 2L F FF # / O " % " # A> ' * / 4 3P A> ' * " S # H / [ V< U " @ -
- 27. 01 2
- 28. 01 2 B 6 / " %" / / ! * ! * /* " ' * ? .)# @=># . &
- 29. 01 2 A> ' * %" #? U C< !P < 94 ] F V +G / G#GG# ,L R 4 ]" F V +G" G#GG# ,L S 4] F ^ +J <>< Y 0$.= G ^ G !<$< + >'< GJ ] JG, )- +" >'< GJ K+]" , JG, >'=' J#] ,L <8= F R P R _/ G, .$ F :Y & F /
- 30. 01 2 A> ' * / * "#? U -< > $< _ + KK,#_ + KK, -< > $< ^ ;$ .$ 0.$ # * # F % " FG G + % " FUU % " FRK % " F R % " F 9S, .&<) ^ 0< ! )<@ 0$.= ^ ') . _ #_ !'><+__0< !^ ; F , 6<(') % +G " WGH_ HGX WGH_ HGXF + + #WGH_ HGX,,HGGD " F "4:: :* * ED: " EGGG,0< ! )<@ 0$.= ^ ') . _ #_ <)- >. < ^ -< >>. < ^
- 31. 01 2 "4:: :* * /4 +JD F "4`:`: `: `: % F / F ED`: EJ,L +JD " " F`J % `:* " `J F`J "4`:`:* /* 1 / `: TUKT `: /* * `JED`:
- 32. -3 45 2 ) B) ' BC @& !' * 8 "" @& ! @=>
- 33. -3 45 2 % DB% FJ J /FJ; 08TJBE D E D E D E D: E D E) * D: E D / '-E * D: / '-E D" E D:" E D: E D E D E6 D: E D E D: E D / '-E D: / '-E D" E D:" E D: E
- 34. -3 45 2 :: : W / '-: % +,FZ * 2 " : % +,FZ 2X ' G F :: : W> / '-: % +,FG G F " : % +,FG G F X F FF # / O " % " # * G F "
- 35. -3 45 2 B @=> @ ? @O
- 36. - & ) BC " " / /@ * "" " " /
- 37. - & / ) @ " / 0 @ #P / " / = " H P < U
- 38. - & # / O - # " U ; " / / " 4 % F +G "4:: JED: ED " FJ "4:: 1 :% * JED: " ED G,L %* B
- 39. - & F < ! =>L /F $ /<%"+: ^ ^ F G+ Y,GL:/,L F / % + ,L F W XL ;" F +,L ;" W XFJ- # - G BJL ;" W XFJ? - OJL ;" W XFJ # - 4,JL ;" WRXFJV OB B - / OJL ;" WPXFJ - JL ;" WKXFJ_ - JL / $ F ;" W= += +,Y ;" / ,XL " < F +/ $ ,L % F +G "4:: JED: ED " FJ "4:: 1 :% * JED: " ED G,L
- 40. - & * % F @! +,L * % +J: : " J# J&. J# J ^ FJH HJQ FJH " < HJQ F Q " F " J,L * % F @! +,L * % +J: : / J# J&. J# J ^ FJH HJQ W XFJH% HJQ F Q " F " J,L
- 41. - & F < ! =>L /F $ /<%"+:D FJ+ Y,J FJ 8 8 ^ J:/,L F / % + ,L F W XL L F + ,L +JD / FG "4:: 1 :% " "B FJ H H JQ FJ H H JGEJ,L +JD / FG "4:: : / / GEJ,L
- 42. - & ! / B / " / : " ' / :! : " +&-&:6 ! , ; / --
- 43. / 2 ) BC 0 // / / / %"
- 44. / 2 DB% FJ JBE D FJ 7E D E D E) * ) D: E D E "4:: % " D: E D " E) / * D: " E D / / E 8 D: / / E D" - E # ? U U4 4 (= D:" - E D 6 - E0 # ? U U4 R4 U (= D: 6 - E D E "4:: % " : D: E D/ E< D:/ E D / /< E _ % " D: / /< E D = E _ % " D: = E D EKD: E
- 45. / 2 $ a $ / @ $0 "
- 46. / 2 D E D ED "E FZ "4:: % " : /8 : / B2H D: " ED: E D E "4:: % " : : * D: E D " E / OD: " E D" - E0 # ? U 4P 4 T (= D:" - E D/ E "4:: % " : U: 9: b D:/ E D: E D: E D: E
- 47. / 2 D E D EQ L " Q/ L FZ "4:: % " : /8 : / B2H Q L: " Q/ LD: E D E "4:: % " : : * D: E D " E / OD: " E D" - E0 # ? U 4P 4 T (= D:" - E D/ E "4:: % " : U: 9: b D:/ E D: E D: E D: E
- 48. / 2 > a $ ! => / % ' %
- 49. / 2 D "E % 0 FJJL 0 FJ 4`` % JL 0 F @. * +J " /0 . * J,L $ 0 F 0 ." %0 + 0 # # ,L % 0 HF $ 0 $ +,L $ 0 +,L + % 0 ,L FZ "4:: % " : /8 : / B2H % 0 D: "E
- 50. / 2 C (;' " ;$>2 ;$> % +, D FJ JE D E D E D: E D E D E " 8 : ": ^ D: E D E "4:: % " JL" 8 J" G / GJ EJ: ": ^ D: E D" - E0 # 9 . S P4 4 KH R D:" - E D: E D: E D: E - (
- 51. / 2 ! / B V / / // / $ " /
- 52. 6 7 & 5 ) BC = " / " " %" / @ $0
- 53. 6 7 & 5 "4:: :6 /) = ":
- 54. 6 7 & 5 = " = " " # " = " = " # .& = " # B
- 55. 6 7 & 5 "4:: / / :/
- 56. 6 7 & 5 / " / # " -.= " 0 * / " / " "
- 57. 6 7 & 5 = 0 "" ""
- 58. 6 7 & 5 = 0 "" ""
- 59. 6 7 & 5 = 0 ""
- 60. 6 7 & 5
- 61. 6 7 & 5 = 0 "" "" & " " "" P[ 0 ) # a /
- 62. 1 ) B) ' BC "" / # / # " / "" "
- 63. 1 " / / "4:: % " : B F= ' / ;$> "4:: % " : B F= )- F ) /F / !" "#$ !$ % !$&" %" ' (! &) "
- 64. 1 B -> " 6 /
- 65. 1 $ / -> / " / ' / / # " 4 DO88 -> " % 4 $ R6 0 T# K+ 4 K4 P < , 88E DO88 -> " % 4 R6 . K# K + K4 R4RS <- , 88E DO88 -> " % 4 P6 " # 9 + 94KK4PT &- , 88E DO88 -> / a 88E DO88 @=> " K R;+ "4:: %%%% , +%%%, 88E + " O,
- 66. 1 & / / / " D% 4 " " FJ< " JE D% 4 E D% 4 E< D:% 4 E D:% 4 E D% 4 FJ% 4 /JE D% 4 %> / FJK J:E D% 4" FJ H_ HJ:E D:% 4 E D:% 4 " " E
- 67. 1 "" V # / C " ) = S ( 1
- 68. 1
- 69. 7 7 / ) ) B) ' BC * / # " / # 1 # "
- 70. 7 7 / ) & % / # / " % > " 6 & ! / = / > " '-2 & '-2 > % '-2 ; / '-
- 71. 7 7 / ) 0 " & ;$> " R" ;$> F+ '-, F+ '-, F+ , "4:: : " "B F8RQ F K T RPK99Q F U "4:: * : /:B"F UT - $ L8,
- 72. 7 7 / )
- 73. 7 7 / )
- 74. 7 7 / )
- 75. 7 7 / ) B & ! 2 " / H = " "" / / / " ( H
- 76. + ) B) ' BC "" " /" 2 "
- 77. + ' / ) " / ! / : / ; / " + -< , 0 / / " ' ) " / . / >: > / 0 / " < / % "
- 78. + B = " # / / =% / " /
- 79. ) 7& %'( = " % "" / / + , ; "" / - / ' " "
- 80. 5 ) 7 % 8 0 # " " " " - " # " 5 7 6 # 2
- 81. 47 3 ' " V 3 - 9: 2 . " V 3 - 9: 2 9; < ! / 3 1 3 & + 9 < 9+ / = / 3 4 9 9+ / 3 3 4 / 3 3 )7 $ 3 9 3 9/
- 82. 5 ) 7 % 8 $ " = ' % + ) $&' ( ) > * ! ! " . $ 4 " # "
- 83. * " 4_ * - $ # % " / "" 4 <" # P / #- #'