Critical vulnerabilities in the online services of a Romanian telephony company - DefCamp 2012
Serious vulnerabilities in the online services of a telecom in Romania
Prisăcaru Anatolie, @shark0der
01.12.2012 @DefCamp
The problem
The motivation
Let's dive into all this stuff
The configurator
The surprise
The serious approach
… still serious approach
This can't be real
What about pushing the limits?
… even more
Unbelievable, but it worked :)
Really worked!
And I've got more than I expected!
Under the hood
The key
The simplicity
The stupidity
The lesson
NEVER BUT NEVER TRUST USER INPUT
THE END