CONFERENCE | Dec 09, 2023

Security BSides London 2023 | Nick Dunn

Nick Dunn, IOActive Senior Security Consultant, will be presenting: ‘Slightly SOSL’ed – Locating and Testing SOSL Injection’ at Security BSides in London, 9 December.

Nick’s presentation will explore SOSL injection, a platform-specific vulnerability that can occur in Apex code on the Salesforce platform. While conceptually similar to SQL injection, testing for and exploiting it entails different payloads and approaches.

Because minimal documentation is available online, the talk will attempt to shed light on this Apex code and custom API issue: its consequences, and working methods for detecting and confirming the existence of the vulnerability. It will look in detail at the different payloads useful for detection and exploitation, the consequences of a vulnerable site and, finally, solutions for fixing occurrences of the issue.