Friday, October 25 • 11:00am - 11:45am
Riding the Magical Code Injection Rainbow

There are many intentionally vulnerable web applications available for people to learn how to exploit various types of flaws. Unfortunately, many of them have only the most basic and easily exploited examples of flaws. In order to work with a more complex version of a flaw, it's usually necessary to write your own vulnerable application or modify an existing one. 

There is another option! The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerable applications. This presentation will demonstrate the use of the existing MCIR applications such as SQLol (for SQL injection) and XMLmao (for XML and XPath injection); teach advanced exploitation techniques in SQL injection, XPath injection, cross-site scripting, and shell command injection; discuss the exploitation of insecure cryptosystems; and discuss how to use the MCIR framework to build your own configurable vulnerable application.

Daniel Crowley

Senior Security Consultant, Trustwave
Daniel (aka "unicornFurnace") is a Senior Security Consultant for Trustwave's SpiderLabs team. Daniel denies all allegations regarding unicorn smuggling and questions your character for even suggesting it. Daniel has developed configurable testbeds such as SQLol and XMLmao for training and research regarding specific vulnerabilities. Daniel enjoys climbing large rocks. Daniel has been working in the information security industry since 2004 and is...

Andrew Jordan

Independent Security Researcher

Friday October 25, 2013 11:00am - 11:45am
Gemalto Room Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757
