Esoteric Web Application Vulnerabilities

Presented at BruCON 0x08 (2016), Oct. 27, 2016, 5 p.m. (60 minutes).

A summary of the strangest vulnerabilities I've found during the last year, which includes:

- Aggressive input decoding
- Nil, NULL and password reset tokens
- Host header manipulation (quick)
- X-Forwarded-For: 127.0.0.1
- ActiveSupport::MessageVerifier Remote Code Execution
- Insecure PayPal IPN implementations
