by Bill Sempf
27. October 2019 08:28
Here's an interesting article on some non-JavaScript Cross-Site Scripting vectors.
https://x-c3ll.github.io/posts/CSS-Injection-Primitives/
Timely history lesson about the gradual movement of web applications from primarily server-side to primarily client-side:
https://medium.com/young-coder/an-illustrated-beginners-guide-to-server-side-and-client-side-code-723cbb1db9ea
This isn't as new of an idea as the authors would like us to believe, but it is a good PoC of the CDN-related cache poisoning attack:
https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html?m=1
Public disclosure of some bugs in AutoDesk discovered by binary fuzzing. Good way to get a look into this kind of testing - look at breakdowns of CVEs.
https://fuzzit.dev/2019/10/25/discovery-and-analysis-of-2-dos-vulnerabilities-in-autodesk-fbx-1-unpatched/
PHP has a vector for remote code execution (combined with other known flaws), so patch if you can! Worth a read for the process, as well.
https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html
That's the news, folks.
by Bill Sempf
20. October 2019 09:45
Tags: ASTW
by Bill Sempf
13. October 2019 09:31
Portswigger has some good research on a new angle for cross-site leak attacks:
https://portswigger.net/research/xs-leak-leaking-ids-using-focus
Serverless infrastructures are slipping through the cracks as far as security testing goes. Here's a new tool for Amazon Lambda - hopefully it leads to more.
https://www.darknet.org.uk/2019/10/lambdaguard-aws-lambda-serverless-security-scanner/
Mozilla isolated an interesting RCE bug in iTerm2:
https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/
Eric Lawrence (of Fiddler fame) has a good writeup on Chrome's new direction for cookies:
https://textslashplain.com/2019/09/30/same-site-cookies-by-default/
And that's the news.
by Bill Sempf
6. October 2019 12:40
This is a blog entirely dedicated to security analysis of mobile apps. No idea who writes it but it is good.
https://theappanalyst.com/
Neat writeup on going from SQL Injection to Remote Code Execution.
https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862
I've been on a PHP project recently, and I learned about this cool tool to bypass disable_functions.
https://github.com/mm0r1/exploits/tree/master/php7-gc-bypass
Speaking of PHP, the static code analysis tool I learned to use was Exakat. Steep learning curve but unbelievable reports. And open source!
https://github.com/exakat/exakat
That's the news, folks.
Tags:
AppSec