KRWX: Kernel Read Write Execute
Introduction Github project: https://github.com/kiks7/KRWX During the last few months/year I was studying and approaching the Kernel Exploitation subject and during this journey I developed few...
Intigriti XSS Challenge – December 2021
The approach to this challenge was completely different from the past two months, as the vulnerable component was on the backend, forcing us to approach...
Intigriti November XSS Challenge
The bug bounty program Intigriti hosts an XSS challenge every month. This time, the challenge was about bypassing CSP by reloading a VueJS instance, getting...
CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass
Preface As part of our recent research activity, we stumbled upon FormaLMS. The project is an open source Learning Management System built by forma.association and...
SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin
This is a brief story about how we found a vulnerability on a drupal plugin that, when not configured correctly, could allow an authenticated user...
CVE-2020-35749 – Authenticated Directory Traversal Simple Job Board WordPress plugin version < 2.9.3
During our research activities we discovered an authenticated local inclusion in the Simple Job Board Wordpress plugin. The Simple Job Board Wordpress plugin has reached...
ownCloud Multiple Vulnerabilities
During one of our research activities we discovered several flaws in the ownCloud product.ownCloud is a popular open-source cloud service similar to Google Drive and the last...
Matrix Synapse 1.12.3 – SSRF and Cache poisoning
tl;dr The Matrix Synapse servers have been found affected by a security issue about the lack of a validation system for "Server-to-server" API leading to SSRF and...
Android IPC: Part 2 – Binder and Service Manager Perspective
Introduction As mentioned in the previous article, Android uses the Binder for IPC communications. Good to know, the Binder was not created by Google. Its...
Multiple SSRF on Vanilla Moodle Installations
During the time dedicated to research we found 2 Server-Side Request Forgery on Moodle. The first one is a Blind SSRF already discovered in 2018 and tracked...