A somewhat curated list of links to various topics in application security.
Link | Excerpt | Word Count |
---|---|---|
XSS and RCE | RCE (Remote Code Execution) is a critical vulnerability which usually is the final goal of an attack. With code execution, it’s possible to compromise servers, clients and entire networks. | 578 |
From LFI to RCE in php | Everyone knows about the (hopefully dead) /proc/self/environ and /var/log/apache2/error.log tricks to get a shell from a LFI, but it seems that only a few people knows about the tmp_name one. | 237 |
opsxcq/exploit-CVE-2016-10033 | PHPMailer is the world's most popular transport class, with an estimated 9 million users worldwide. Downloads continue at a significant pace daily. Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more PHPMailer before its version 5.2. | 1430 |
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE! | Hi, it’s been a long time since my last blog post. In the past few months, I spent lots of time preparing for the talk of Black Hat USA 2017 and DEF CON 25. Being a Black Hat and DEFCON speaker is part of my life goal ever. This is also my first English talk in such formal conferences. | 1354 |
Oops...you've unearthed some outdated content! | Check out our latest blog posts instead or get to know the people behind the cloud. Latest Posts View All | 0 |
#BugBounty | This vulnerability blog is about when Apache struts2 CVE-2013–2251 went viral and was getting highly exploited because of the impact of vulnerability which was leading to execution of remote commands. | 909 |
#BugBounty | This vulnerability blog is about when Apache struts2 CVE-2013–2251 went viral and was getting highly exploited because of the impact of vulnerability which was leading to execution of remote commands. | 909 |
VBScript | Pop up a calculator - tested on non updated Internet Explorer 11 Windows 7 64/32 Pop up a calculator - tested on non updated Internet Explorer 11 Windows 7-10 (a bit slow on win10) | 27 |
Latex to RCE, Private Bug Bounty Program | I had participated in a private bug bounty program about one year ago, I want to publish what I’ve learned from. The CMS was a journal site giving service to authors, editors and etc. I accomplished to get editor account by an XSS which I’m not going through with this story. | 233 |
How I Chained 4 Bugs (Features?) into RCE on Amazon Collaboration System | In past two years, I started to pay more attention on the “inconsistency” bug. What’s that? It’s just like my SSRF talk in Black Hat and GitHub SSRF to RCE case last year, finding inconsistency between the URL parser and the URL fetcher that leads to whole SSRF bypass! | 1968 |
Ruby 2.x Universal RCE Deserialization Gadget Chain | This blog post details exploitation of arbitrary deserialization for the Ruby programming language and releases the first public universal gadget chain to achieve arbitrary command execution for Ruby 2.x. | 3596 |
WRITE UP – Private bug bounty $$,$$$ USD: “RCE as root on Marathon-Mesos instance” | Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a short story about why your professional background mather when you do bug bounties (in my case my job as DevOps engineer) if you know how something works, you might be able to break it. | 491 |
Remote Code Execution explained with real life bug bounty reports | While reading about RCE last week and searching through Zerodium and why it's so heavily paid, found this : https://www.youtube.com/watch?v=649Nb0YFOi | 57 |
Just Gopher It: Escalating a Blind SSRF to RCE for $15k | Typically for a wide scope bug bounty program I’ll start with subdomain enumeration to increase my attack surface, but in this case I was going after a single web application on my target (Yahoo Mail). | 1583 |
Chaining an Blind SSRF bug to Get an RCE | My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be discussing how I was able to get RCE by using Blind SSRF. | 192 |
👩💻IW Weekly #39 : $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more… | Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us. | 657 |