HOSTED EVENT | Feb 15, 2024

hack::CHELTENHAM | Slightly SOSL’ed – Locating and Testing SOSL Injection | Nick Dunn

We would like to invite our security friends in the Cheltenham, UK region to join us for the next hack::CHELTENHAM.

Nick Dunn, IOActive Senior Security Consultant, will present an exploration into SOSL injection vulnerabilities.

Apex code on the Salesforce platform can be affected by a platform-specific vulnerability known as SOSL injection. While conceptually similar to SQL injection, testing for it and exploiting it entail different payloads and approaches.

Prompted by concerns over the minimal documentation available online, the talk will attempt to shed light on this Apex code and custom API issue: its consequences and the working methods for detecting and confirming the vulnerability. It will examine in detail the different payloads useful for detection and exploitation, the consequences for a vulnerable site and, finally, solutions for fixing occurrences of the issue.

hack::CHELTENHAM is a new event hosted at our Cheltenham Hardware Lab for the cybersecurity and hacking community to discuss all things security over food and refreshments.

We hope you can join us for our second hack::CHELTENHAM!