Upload

Loading icon Loading...

This video is unavailable.

POET vs ASP.NET: DotNetNuke

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like cryptbe's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike cryptbe's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add cryptbe's video to your playlist.

Uploaded on Sep 16, 2010

In this video we show how to use POET to attack the latest version of ASP.NET. The target application is DotNetNuke. The attack consists of two phases:

1. In the first phase, we use POET to extract DotNetNuke's secret keys, and use those keys to generate a cookie to login as a super user. The same technique can be used to attack _every_ ASP.NET application.

2. In the second phase, we use Cesar Cerrudo's Token Kidnapping attack to gain SYSTEM privilege on the Windows server hosting DotNetNuke.

This research was done by Thai Duong and Juliano Rizzo. More information can be found at http://netifera.com/research.

Loading icon Loading...

Loading icon Loading...

Loading icon Loading...

Loading icon Loading...

Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Loading icon Loading...

Advertisement
Loading...
Working...
Sign in to add this to Watch Later

Add to