I've written up a novel technique to get RCE on webservers - Server-Side Template Injection - over at http://blog.portswigger.net/2015/08/server-side-template-injection.html. I presented this at Black Hat USA 2015 - you can watch a recording at https://www.youtube.com/watch?v=3cT0uE7Y87s
Shortly afterwards, I presented at 44Con 2015 on Hunting Asynchronous Vulnerabilities. You can read a summary at http://blog.portswigger.net/2015/09/hunting-asynchronous-vulnerabilities.html or watch the recording (paid only alas) at https://vimeo.com/ondemand/44conlondon2015/141318621
No comments:
Post a Comment