Memcached is a distributed memory caching system. It is in great
demand in big-data Internet projects as it allows reasonably
speed up web applications by caching data in RAM. Cached data
often includes user sessions and other sensitive information.
This report is based on research of different memcached wrappers to
popular web application development platforms, such as Go, Ruby,
Java, Python, PHP, Lua, and .NET. The primary goal is determining
input validation issues at key-value data which could be used to inject
arbitrary commands to memcached protocol.
As a result, the speaker found a way to do something like “SQL
Injection attacks,” but on memcached service. Such an attack in
practice leads to different effects from authentication bypass to
execution of arbitrary interpreter’s code. It’s a real world problem
found on security audits and exists on different popular web applications,
more here.........https://www.blackhat.com/docs/us-14/materials/us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf
demand in big-data Internet projects as it allows reasonably
speed up web applications by caching data in RAM. Cached data
often includes user sessions and other sensitive information.
This report is based on research of different memcached wrappers to
popular web application development platforms, such as Go, Ruby,
Java, Python, PHP, Lua, and .NET. The primary goal is determining
input validation issues at key-value data which could be used to inject
arbitrary commands to memcached protocol.
As a result, the speaker found a way to do something like “SQL
Injection attacks,” but on memcached service. Such an attack in
practice leads to different effects from authentication bypass to
execution of arbitrary interpreter’s code. It’s a real world problem
found on security audits and exists on different popular web applications,
more here.........https://www.blackhat.com/docs/us-14/materials/us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf