InfoSec Blog

tags Archives

Exploit

Example CVE-2020-11579 exploit run

28/07/2020

Sometimes they come back: exfiltration through MySQL and CVE-2020-11579

Walkthrough and exploitation of MySQL LOCAL INFILE accompanied by the release of a new open-source tool to exploit similar vulnerabilities..

2

Min

1-click RCE on Keybase

27/04/2020

1-click RCE on Keybase

Keybase client allowed inject arbitrary links with arbitrary protocols. This caused a Remote Command Execution on Windows and MacOS.

5

Min

NotSoSmartConfig example run

20/04/2020

NotSoSmartConfig: broadcasting WiFi credentials Over-The-Air

Security analysis of the SmartConfig procol by Espressif and publishing of the NotSoSmartConfig tool, able to retrieve WiFi credentials from a PCAP.

4

Min

XXE to RCE via XML file opening

24/10/2019

Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …

The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.

6

Min

OpenStack's noVNC XSS

19/10/2019

Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack

OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.

4

Min

Exploiting Apache Solr through OpenCMS

13/04/2019

Exploiting Apache Solr through OpenCMS

Exploiting a known XXE in Apache Solr through OpenCMS handleSolrSelect, to read arbitrary files from the OpenCMS' server.

7

Min

Nagios XI 5.5.10 RCE exploit

10/04/2019

Nagios XI 5.5.10: XSS to #

Walkthrough of a 1-click root RCE exploit chain in Nagios XI 5.5.10 by polict: XSS, RCE and local privilege escalation in a single URL click.

5

Min