Skip to the content
Hacktive Security Blog
  • Pin Posts
  • Home
  • Cristian Giustini

Cristian Giustini

Principal Security Consultant @ Hacktive Security
0
3
Application Security

CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass

Cristian Giustini
October 5, 2021January 1, 2022
Preface As part of our recent research activity, we stumbled upon FormaLMS. The project is an open source Learning Management System built by forma.association and...
Read More
0
0
SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin
Application Security

SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin

Cristian Giustini
July 9, 2021January 18, 2022
This is a brief story about how we found a vulnerability on a drupal plugin that, when not configured correctly, could allow an authenticated user...
Read More
0
0
Matrix Synapse 1.12.3 – SSRF and Cache poisoning
Application Security

Matrix Synapse 1.12.3 – SSRF and Cache poisoning

Cristian Giustini
June 14, 2020July 24, 2021
tl;dr The Matrix Synapse servers have been found affected by a security issue about the lack of a validation system for "Server-to-server" API leading to SSRF and...
Read More
0
0
Daikin Emura Series – Arbitrary Remote Control via DNS Rebinding
Internet of Things

Daikin Emura Series – Arbitrary Remote Control via DNS Rebinding

Cristian Giustini
December 14, 2018July 15, 2021
There is a lot of hype around DNS rebinding vulnerability and vulnerable IoT devices, including home cameras, air conditioners or climate control devices; this flaw...
Read More
0
0
Facebook chat / dashboard content injection
Application Security

Facebook chat / dashboard content injection

Cristian Giustini
January 3, 2018July 15, 2021
I often wondered how link generation functionality is implemented by major social network applications and, more specifically, the preview generation. Some time ago a friend...
Read More

Recent Post

CVE-2022-2602: DirtyCred File Exploitation applied on an io_uring UAF

Lock Picking – Part 1

How an Akamai misconfiguration earned us USD 46.000

Workshop: Linux Kernel Exploitation 101 – Part 2

Workshop: Linux Kernel Exploitation 101 – Part 1

Top Category

Application Security

Mobile

Exploitation

  • Pin Posts
Copyright © 2023 Hacktive Security Blog. All rights reserved.
Theme: Masonry Grid By Themeinwp. Powered by WordPress.
To the Top ↑ Up ↑