Tuesday, May 21, 2013

WAF Bypass at PHDays III

During Positive Hack Days, a competition for web application security enthusiasts and experts will take place. The challenge, organized by the forum's technological partner ICL-KME CS, gives participants an opportunity to test themselves at exploiting vulnerable web applications protected by a Web Application Firewall.

Rules
Participants will be asked to attack the applications (or demonstrate that an attack is possible) in order to obtain data from a DBMS and file system. The contest includes several vulnerable web applications. All attacks exploiting any SQL injection vector are counted, including gaining file system access, OS commanding, brute force and binary search attacks. Attacks exploiting other vulnerabilities (e.g. a buffer overflow in the web server or DBMS server) are not counted. The winner is the first participant to obtain access to all of the specially crafted data (flags). There are three flags in the competition. If several competitors use different techniques to exploit the same vulnerability, the winner is the person whose attack obtains the same DBMS data set using the fewest queries to the server.

Participation Terms
Any PHDays III participant is welcome to compete for prizes. The competition will last throughout the forum. To receive the prize, the winner should provide his or her contact information (name, phone number, postal address) or be present at the award ceremony in person.

Prizes
The winner will receive a special prize from the forum's technological partner, ICL. The participants who take the first five places will receive prizes and souvenirs from the PHDays organizers (Positive Technologies) and the ICL company.

Technical Details
The choice and use of any equipment that may be needed is up to the participants. To take part in the contest, you will need a mobile device with Wi-Fi.
