Showing papers on "File inclusion vulnerability published in 2020"

Malicious Qr-Code Threats and Vulnerability of Blockchain

Abstract: Today’s rapidly changing world, is observing fast development of QR-code and Blockchain technologies. It is worth noting that these technologies have also received a boost for sharing. The user gets the opportunity to receive / send funds, issue invoices for payment and transfer, for example, Bitcoin using QR-code. This paper discusses the security of using the symbiosis of Blockchain and QR-code technologies, and the vulnerabilities that arise in this case. The following vulnerabilities were considered: fake QR generators, stickers for cryptomats, phishing using QR-codes, create Malicious QR-Codes for Hack Phones and Other Scanners. The possibility of creating the following malicious QR codes while using the QRGen tool was considered: SQL Injections, XSS (Cross-Site Scripting), Command Injection, Format String, XXE (XML External Entity), String Fuzzing, SSI (Server-Side Includes) Injection, LFI (Local File Inclusion) / Directory Traversal.