Exploiting Apache Solr through OpenCMS
TL;DR: It’s possible to exploit a known Apache Solr vulnerability through OpenCMS. During one of my last Penetration Tests I was asked to analyze some OpenCMS instances. Before the assessment I wasn’t...
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
TL;DR: noVNC had a DOM-based XSS that allowed attackers to use a malicious VNC server to inject JavaScript code inside the web page. As OpenStack uses noVNC and its patching system doesn’t update third...
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
TL;DR: LSP4XML, the library used to parse XML files in VSCode-XML, Eclipse’s wildwebdeveloper, theia-xml and more, was affected by an XXE (CVE-2019-18213) which led to RCE (CVE-2019-18212) exploitable...
NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air
During one of our latest Penetration Tests we tested an IoT device based on the ESP32 SoC by Espressif. While assessing the activation procedure we faced for the first time a beautiful yet dangerous...
1-click RCE on Keybase
TL;DR: Keybase clients allowed links with arbitrary schemes and arbitrary display text to be sent in chats. On Windows it was possible to send an apparently harmless link which, when clicked, could...
Sometimes they come back: exfiltration through MySQL and CVE-2020-11579
Let’s jump straight to the strange behavior: up until PHP 7.2.16 it was possible by default to exfiltrate local files via the MySQL LOCAL INFILE feature through the connection to a malicious MySQL...