How to Rob an Online Bank (and get away with it) - Acros Security
Server-Side Code Execution

Examples
• Java code injection (JBoss bug in 2010)
• PHP code injection (eval, system, includes...)
• Shell argument injection (command1&command2)
• Buffer overflows

Impact
• Change e-banking application code
• Obtain database/WS credentials, issue direct requests to DB or back-end WS