ebrahim hegazy @zigoo0 cyber security analyst @q cert ehegazy@qcert org n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Yahoo Zero-Day Vulnerability - Code Point of View PowerPoint Presentation
Download Presentation
Yahoo Zero-Day Vulnerability - Code Point of View

Loading in 2 Seconds...

play fullscreen
1 / 11

Yahoo Zero-Day Vulnerability - Code Point of View - PowerPoint PPT Presentation


  • 70 Views
  • Uploaded on

Ebrahim Hegazy @Zigoo0 Cyber Security Analyst @Q-CERT Ehegazy@qcert.org. Yahoo Zero-Day Vulnerability - Code Point of View. 12 April - 2014. Not this type of bugs!. Nor even This type Of hunting!. 1- Bug Bounty Programs. 2- Remote Code Execution Vulnerability 3- Live Example – WebPwn3r

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Yahoo Zero-Day Vulnerability - Code Point of View


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ebrahim hegazy @zigoo0 cyber security analyst @q cert ehegazy@qcert org
Ebrahim Hegazy

@Zigoo0

Cyber Security Analyst @Q-CERT

Ehegazy@qcert.org

Yahoo Zero-Day Vulnerability - Code Point of View

12 April - 2014

slide5

1- Bug Bounty Programs.

2- Remote Code Execution Vulnerability

3- Live Example – WebPwn3r

4- Demo Videos

bug bounty programs
Bug Bounty Programs

https://bugcrowd.com/list-of-bug-bounty-programs/

remote code execution vulnerability
Remote Code Execution Vulnerability

Simply, PHPCE occurs when user-supplied(GET/POST) values of the parameters are reflected inside eval() function, that vulnerability allows attackers to execute PHP code such as {echo system(“id”)} or any other php function/code.