Категории

Internal Server Error: Exploiting Inter-Process Communication in SAP's HTTP Server

Опубликовано: 13 Октябрь 2024
на канале: Black Hat
3,227
67

More than 400,000 organizations, including 90% of Fortune 500 companies, rely on SAP's software to keep their business up and running. At the core of every SAP deployment is the Internet Communication Manager (ICM), the piece of software in charge of handling all HTTP requests and responses.

This talk will demonstrate how to leverage two memory corruption vulnerabilities found in SAP's proprietary HTTP Server, using high-level protocol exploitation techniques. Both techniques, CVE-2022-22536 and CVE-2022-22532, were remotely exploitable and could be used by unauthenticated attackers to completely compromise any SAP installation on the planet.

Presented by Martin Doyhenard

Full Abstract & Presentation Materials: https://www.blackhat.com/us-22/briefi...

play_arrow
177,221
1.2 тыс

The Who - Be Lucky (Official Audio)

The Who - Be Lucky (Official Audio)
play_arrow
11,033
222

Кулич из Венского теста - результат получаеться с первого раза. Замес теста

Кулич из Венского теста - результат получаеться с первого раза. Замес теста
play_arrow
51,170
208

All You Need to Know About Pakistan’s HQ-9 Air Defence System

All You Need to Know About Pakistan’s HQ-9 Air Defence System
play_arrow
71
4

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.

Как создать простой сайт/лендинга на Tilda на один экран без опыта и знаний. Часть 2.
play_arrow
63
2

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples

Python Built-In Modules: Math, OS, and Datetime Explained with Code Examples
play_arrow
26
3

Hand Simulator Episode 1 – The Derp Hands

Hand Simulator Episode 1 – The Derp Hands
play_arrow
17,779
299

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!

Telegram channel link not working problem fix🔥 || How to fix telegram channel link not open error!
play_arrow
1,368
45

Jetta из США за 2 недели?

Jetta из США за 2 недели?
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample