Tag: web applications

Performing AWS Security Reviews: Ensuring A Holistic Approach

Ensuring a solid security posture of an organisation’s AWS accounts can be quite challenging nowadays due to the numerous service options and configurations, as well as the added burden of complying with business requirements and incumbent infrastructure. As AWS services grow in scope and complexity, organisations must adopt a systematic approach to configuring their cloud […]

Compromising Jira Externally to Get Internal Network Access

In a recent external network engagement, which had a fairly large number of external services, I found a Jira login page available on the client’s external network. The login page belonged to a Jira Software service, an issue-tracking system used in project management and software development. https://jira.example.com The Jira Software version was just a few versions […]

From Internal Web Application To Domain Admin

In a recent internal network penetration test I found a slightly less conventional route to get domain administrator privileges. This type of attack is certainly not new, but it shows how thinking out of the box plays a crucial part when it comes to penetration testing. The client that I was facing definitely was not new to […]

Fun with SQL Injection using Unicode Smuggling

During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. First off, identifying the SQL injection was trivial, our good old friend, the single quote, […]

OWASP Top 10 2017 Final Release Review

Back in May 2017, I reviewed the release candidate (RC1) version of the OWASP (Open Web Application Security Project) Top Ten Web Vulnerabilities for 2017, which, as stated in the previous blog entry, was eventually rejected. To quote my previous OWASP introductory description for new readers: OWASP was founded back in 2001 and since then it […]

Analysing Java Stack Traces and Determining the Open Source Software Version

Stack traces are commonly used for debugging purposes by software developers in order to find what went wrong in the application they are developing. The traces contain useful information and only occur when something goes wrong, unless someone intentionally causes an error. These errors should be gracefully handled by their code, logged, and safely served […]

Reposcanner

Reposcanner is a Python script designed to scan Git repositories looking for interesting strings, such as API keys or hard-coded passwords, inspired by truffleHog. Sensitive information like this often gets included in the earlier stages of the development process (or accidentally), and is generally removed before the application or source code is released. However, since […]

Umbraco Forms Local File Inclusion

In a recent engagement, I was working on a fairly secure website and I came across an interesting Umbraco content management system (CMS) package called Umbraco Forms. Umbraco Forms versions 4.1.5, 4.2.1, 4.3.2 and earlier minor versions are vulnerable to local file inclusion (LFI) in the “GetExport” web API endpoint within the administration section. Umbraco […]