Code diving for pop chains
11-30, 11:10–11:55 (Europe/Vienna), Dachsaal

PHP Object Injection is a well-known web vulnerability that could allow an attacker to perform different kinds of attacks by reusing and chaining existing code of the application (gadgets). Sometimes it is easier to find the vulnerability than to discover a proper chain for remote code execution. This talk illustrates the long road of searching for various "POP chains" by disclosing details of a vulnerability in Okay-CMS. The code of the application will be analyzed and possible payloads will be discussed. Finally, a working unauthenticated remote code execution exploit will prove the concept.

See also: Slides

Wolfgang Hotwagner is a Research Engineer at the ICT Security Research Team of the Austrian Institute of Technology (AIT), where he works on various topics like "Pentesting", "Log File Anomaly Detection" and "Cyberrange". He is a Linux enthusiast and practices IT security in his spare time.