Lightning Talk - Automated Gadget Chain Generation for Object Injections

Presented at AppSec USA 2016, Oct. 13, 2016, 10 a.m. (10 minutes).

Object injection vulnerabilities account for the most sophisticated attacks against web applications today. They persist when an attacker is able to modify the unified string representation of an object that is passed to the application. By injecting a specifically crafted object, the attacker can trigger the execution of existing code fragments, so called gadgets. Depending on the application's source code and programming language, different gadget chains are possible that can lead to diverse security issues, such as remote code execution. Due to todays applications' code complexity and size, finding all possible gadget combinations is a difficult task. This lightning talk will present new static code analysis techniques for the automated detection of PHP object injection vulnerabilities and the automated generation of gadget chains.

Presenters:

• Hendrik Buchwald - CSO - RIPS Technologies
  Hendrik Buchwald is a computer science graduate from the Ruhr University Bochum and a professional software engineer. He is co-founder and the CSO of RIPS Technologies, a Bochum-based IT security company with focus on code analysis solutions for web applications.

Links:

• https://appsecusa2016.sched.com/event/7uAx/lightning-talk-automated-gadget-chain-generation-for-object-injections

Similar Presentations:

• Kiwicon 9: Cyberwar Is Hell (2015) / Practical PHP Object Injection
• Black Hat USA 2017 / Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
• Black Hat Europe 2019 / Hands Off and Putting SLAB/SLUB Feng Shui in a Blackbox