How to Rob an Online Bank (and get away with it) - Acros Security

More documents

Recommendations

Info

Server-SideCode Execution34
Server-Side Code ExecutionExamples• Java code injection (JBoss bug in 2010)• PHP code injection (eval, system, includes...)• Shell argument injection (command1&command2)• Buffer overflowsImpact• Change e-banking application code• Obtain database/WS credentials,issue direct requests to DB or back-end WS35
Page 4 and 5: Evolution Of E-banking AttacksPAST-
Page 6 and 7: Attacks Against Corporate UsersGoal
Page 8 and 9: Example: Published Corporate Certif
Page 10 and 11: Direct ResourceAccess10
Page 12: Direct Resource Access - URL Base64
Page 15 and 16: Transaction Creation ProcessI want
Page 17 and 18: Negative Numbers - A Devastating Ov
Page 19 and 20: Creating Money Out Of Thin AirNorma
Page 21 and 22: Normal OverdraftAccount #1:Account
Page 23 and 24: Luca Carettoni & Stefano di Paolaht
Page 25 and 26: HTTP Parameter Pollution(Source Acc
Page 27 and 28: SQL Injection27
Page 29 and 30: SQL Injection - Messing With Transa
Page 31 and 32: SQL Injection - Messing With Transa
Page 33: Automated Signing Of Deposit Agreem
Page 37 and 38: Other Attacks• Session Puzzling
Page 40 and 41: Knownat leastsince2001Asymmetric Cu
Page 43 and 44: http://blog.acrossecurity.com/2012/
Page 45 and 46: Apply45
Page 47 and 48: Apply: Bankers - Long Term• “Ph
Page 49: Mitja KolsekACROS d.o.o.www.acrosse

How to Rob an Online Bank (and get away with it) - Acros Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?