- #OPENOFFICE BUG ALLOWS HACKERS TO SIGNED PDF#
- #OPENOFFICE BUG ALLOWS HACKERS TO SIGNED FULL#
- #OPENOFFICE BUG ALLOWS HACKERS TO SIGNED ANDROID#
#OPENOFFICE BUG ALLOWS HACKERS TO SIGNED ANDROID#
018 – Home invasions, snoopy apps and Android versus iOS Securiosity:What’s going on with Derbycon?.A string consisting of two “less-than” signs when passed to the file_get_contents function gets replaced with an asterisk - only on Windows Podcasts HackerOne Hacker Interviews - PHP: Bypass filters using less-than signīypass filters using Remote Code Execution on Electron Applications.Other amazing things we stumbled upon this week Videos He didn’t release it but his explanations might give you new ideas for improving your own automated bug hunting tools.Īlso, he shared his tool Scanomaly, a web application fuzzer scanner, which is part of that framework. What’s most intriguing/interesting is his framework “recron” which is an “automated continuous recon framework”. The author of this blog post, a professional pentester, shares some tidbits on his pentesting methodology and custom tools. It’s inspired from Snallygaster but includes more tests, is fast (because written in Go), and is highly customizable (new tests can be easily added without writing code). Inception does the opposite: test the same thing on a list of targets. Tools like Burp Intruder allow sending multiple requests to the same target. Imagine you want to test a list of targets from your previous bugbounty notes for one specific test, a new endpoint, an XSS payload, a search for a hidden file/directory (like. Exploiting Vulnerabilities Through Proper Reconnaissance (ShellCon 2018).It’s worth reading and merging with your own current methodology.Īlso, I’m not sure these are the right talks accompanying the slides, but they should at least give you some context around them: It touches a little bit of everything: asset discovery, OSINT, content discovery, and more. This is a nice addition to existing public recon methodologies. It’s the Little Things II: Exploiting Vulnerabilities Through Proper Reconnaissance The bugs detected allow malicious RDP servers to get remote code execution on these clients… 3. This made the news on generic infosec sites because two of the clients tested are vulnerable to reverse RDP attacks. Reverse RDP Attack: Code Execution on RDP ClientsĬheck Point researchers tested different RDP clients: rdesktop, FreeRDP and Mstsc.exe (Microsoft’s RDP client). This is pretty advanced stuff but every stage is detailed and well explained, including tools and references.
#OPENOFFICE BUG ALLOWS HACKERS TO SIGNED FULL#
He then escalated the attack over multiple stages until he got a full blind XXE. He was able to trigger a DNS request from the target server (using Burp Collaborator).
#OPENOFFICE BUG ALLOWS HACKERS TO SIGNED PDF#
(BLIND XXE OOB over DNS)Īnother great video by It’s a writeup for a blind XXE OOB over DNS using a PDF file upload.Ĭlassic file upload payloads & attacks didn’t work, so the last thing that tried was sneaking XML entities through PDF files. Video of the weekĪ $7.500 BUG Bounty Bug explained, step by step.
This issue covers the week from 01 to 08 of February. Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
0 kommentar(er)
