Vulnerabilities

/Vulnerabilities

Latest Vulnerabilities

CVE-2019-7629: RCE in an Open Source MUD Client

CVE-2019-7629: RCE in an Open Source MUD Client A few weeks ago I took the Corelan Advanced class and when I came back, I started poking at some open source projects that I personally use. It was a great exercise and I ultimately ended up with my first CVE. I was a little disappointed I [...]

By | February 18th, 2019|Categories: InfoSec, Vulnerabilities|0 Comments

Bypassing WAFs with JSON Unicode Escape Sequences

Bypassing WAFs with JSON Unicode Escape Sequences This blog post will discuss how I was able find a blind SQL injection, analyze a WAF, find a JSON unicode escape bypass, and then automate the bypass by writing a sqlmap tamper script. SQLi Identification WAF Analysis Bypass Identification Tamper Script SQLi Identification The particular payload that [...]

By | December 20th, 2018|Categories: InfoSec, Vulnerabilities|0 Comments

JWT Hacking 101

JWT Hacking 101 As JavaScript continues its quest for world domination, JSON Web Tokens (JWTs) are becoming more and more prevalent in application security.  Many applications use them, so it has become very important for me to know as much as I can and I want to share what I’ve learned. In this blog post [...]

By | December 8th, 2017|Categories: InfoSec, Vulnerabilities|0 Comments

EXE Hijacking in Git Bash for Windows

TLDR; Git Bash for Windows 1.x will execute any file named "git.exe" in the current directory when accessing the Windows context menu Discovery I was researching some old DLL hijacking vectors recently. Specifically, I was looking at the Metasploit module exploit/windows/browser/webdav_dll_hijacker. I wanted to see if this old 2010 exploit would work with Windows 8 [...]

By | October 30th, 2016|Categories: Vulnerabilities|1 Comment

Referer Redirection and Its Inconspicuous Danger

Referer Redirection and Its Inconspicuous Danger Recently I noticed some peculiar behavior on web application. I observed that in certain situations, the webpage would openly redirect to the ‘Referer’ header defined in the request. In this particular instance, the web application required some data from the user to perform that page’s function. When that data was not present, [...]

By | August 23rd, 2016|Categories: InfoSec, Vulnerabilities|0 Comments