The New Page of Injections Book: Memcached Injections

by Ivan Novikov
Sept. 23, 2017 0 comments Black Hat belen_caty Pen Testing & Audits databases memcached vulnerabilities

Memcached is a distributed memory caching system. It is in great demand in big-data Internet projects as it allows reasonably sped up web applications by caching data in RAM. Cached data often includes user sessions and other operational information. This talk is based on research of different memcached wrappers to popular web application development platforms, such as Go, Ruby, Java, Python, PHP, Lua, and .NET. The primary goal is determining input validation issues at key-value data which could be used to inject arbitrary commands to memcached protocol.