all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

DataBinding2Shell: Novel Pathways to RCE Web Frameworks

Add to bookmarks
March 31, 2023, 7:30 p.m. | Black Hat

Black Hat www.youtube.com

DataBinding is a mechanism that allows request parameters to be bound to a domain object automatically. It makes development more efficient and code cleaner, and is widely implemented by best web frameworks written in trending programming languages, including Java, JavaScript, Groovy, Python and Ruby.The previous research related to DataBinding mainly focuses on Mass Assignment[1], which is caused by improper use of DataBinding. This occurs when a user is able to access a sensitive field of domain object such as salary, …

access application code development domain flag frameworks java javascript languages novel object programming python rce request research ruby salary security web web frameworks

Visit resource

More from www.youtube.com / Black Hat

Black Hat Asia 2024 Highlights 2 days, 12 hours ago | www.youtube.com
asia black hat black hat asia black hat asia 2024
Startup Spotlight Competition at Black Hat 2 weeks, 4 days ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 1 month, 1 week ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 1 month, 1 week ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 1 month, 1 week ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 1 month, 1 week ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 1 month, 1 week ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 1 month, 1 week ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 1 month, 1 week ago | www.youtube.com
analysis ask bad codeql +10

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

IT Security Engineer

@ People Profilers | Singapore, Singapore, Singapore
View on infosec-jobs.com

Consultant - DFIR - EMEA (SA)

@ Control Risks | Johannesburg, Gauteng, South Africa
View on infosec-jobs.com

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France
View on infosec-jobs.com