Bertin Bervis - Mixing industrial protocols with web application security - DEF CON 27 IoT Village

In this talk I'm going to explain in detail a new technique to achieve JavaScript code persistence in web applications from devices using the BACnet protocol (building automation) in the underlying device protocol/web app architecture.
A remote attacker is able to inject JavaScript code into the BACnet device by abusing the read/write properties of the BACnet protocol itself. The code is stored in the BACnet database, helping the attacker achieve persistence in the victim's browser. We are talking about devices that operate in building environments or industrial facilities, and the possibility of jumping from that point to another point in the industrial network using this particular vector is really high.
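
A defensive illustration of the point above, added here and not taken from the talk: a web front end that displays values read from a BACnet device should treat them as untrusted and encode them on output, and can flag values that look like markup for review. The property names, sample values and function names are assumptions chosen for illustration.

```javascript
// Added example: treat BACnet character-string properties as untrusted input.
// Property names and sample values below are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flag values carrying markup or control characters, which a device label
// normally has no reason to contain.
function looksLikeMarkup(value) {
  return /[<>]|&#|javascript:|\bon\w+\s*=|[\u0000-\u001f]/i.test(String(value));
}

// Build one table row per property, always encoding on output, and
// return the names of properties worth a manual review.
function renderDevice(props) {
  const suspicious = [];
  const rows = Object.entries(props).map(([name, value]) => {
    if (looksLikeMarkup(value)) suspicious.push(name);
    return `<tr><th>${escapeHtml(name)}</th><td>${escapeHtml(value)}</td></tr>`;
  });
  return { html: `<table>${rows.join('')}</table>`, suspicious };
}

// Constructed sample: values as they might be read from a device over BACnet.
const sampleDevice = {
  'object-name': 'AHU-3 Controller',
  'description': 'Roof unit <b>north</b> wing',
  'location': 'Bldg 2 & Annex',
};

const result = renderDevice(sampleDevice);
console.log(result.html);
console.log('review:', result.suspicious);
```

Encoding happens on every value regardless of the flag; the flag only tells an operator which stored properties to inspect on the device itself.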

Bio:
Bertin is a Security Researcher
