Tweets by @SonarSource
Java's URI.resolve() will return its parameter if it is an absolute URL, which can be abused to perform SSRF. By using http:/example.com# as artifact the final URL will start with http:/example.com#, which the OkHttp library will accept when making the request.
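The "absolute reference wins" rule is not specific to Java: any RFC 3986 resolver, including Python's urllib.parse.urljoin, replaces the whole base when the reference carries its own scheme or host. The example below is added here and is not code from the tweet; it uses a constructed artifact base and shows the check a defender wants before the request is made: the resolved URL must keep the scheme and host of the configured base.

```python
from urllib.parse import urljoin, urlsplit

# Constructed base URL for this demonstration (not from the original tweet).
ARTIFACT_BASE = "https://artifacts.example.com/repo/"


def resolve_artifact(artifact: str, base: str = ARTIFACT_BASE) -> str:
    """RFC 3986 reference resolution, the same rule java.net.URI.resolve() follows:
    a relative name is appended to the base, while an absolute reference
    (or a scheme-relative //host one) replaces the base entirely."""
    return urljoin(base, artifact)


def same_origin(resolved: str, base: str = ARTIFACT_BASE) -> bool:
    """Defensive check: the URL about to be fetched must keep the scheme and
    host of the configured base. Anything else means the caller-controlled
    part steered the request somewhere else (or produced a malformed URL)."""
    r, b = urlsplit(resolved), urlsplit(base)
    return bool(r.netloc) and r.scheme == b.scheme and r.netloc == b.netloc


def fetch_url_for(artifact: str, base: str = ARTIFACT_BASE) -> str:
    """Return the URL to request, or raise if resolution left the base origin."""
    resolved = resolve_artifact(artifact, base)
    if not same_origin(resolved, base):
        raise ValueError(f"artifact {artifact!r} resolved outside {base!r}: {resolved!r}")
    return resolved


if __name__ == "__main__":
    # The last three names are constructed to show what resolution does with them.
    for name in ("lib-1.0.jar", "http://attacker.example/x", "//attacker.example/x", "http:/example.com#"):
        try:
            print(name, "->", fetch_url_for(name))
        except ValueError as exc:
            print("rejected:", exc)
```

Note that the check is done on the resolved URL, not on the artifact string: `http:/example.com#` has no authority at all after parsing, so it fails the host comparison even though it never contained `//`.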
This is our final code puzzle for this year, thank you all for your participation! Please take 2 minutes to fill our feedback form so we can make the next edition even better: https://forms.gle/Ghrzwgpv4VW6BLeB8 … We will reach out to the winners over Twitter in early January.
@LiveOverflow did a great video about the exploitation of such bugs: https://www.youtube.com/watch?v=MBz5C9Wa6KM
This is indeed a format string vulnerability! The second argument of syslog() is supposed to be a format, not arbitrary data. In this case, the compiler emits a warning (-Wformat-security) but that’s not the case for the dependencies you may use.
Can you spot the vulnerability?
#codeadvent2021 Can you (re)solve this #Java challenge? pic.twitter.com/dnUzBx0ovA
Two bugs were to be found. addslashes() is not enough to protect against SQL injections because the interpolated value is not surrounded by quotes. This value is later used in the external shell call without proper escaping. A payload like 1--$(id>foo) is enough to gain RCE!
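The two bugs are independent fixes: the SQL value needs a bound parameter (escaping an unquoted number does nothing), and the external program needs an argv list, not a shell command line. The Python example below is added here and is not the tweet's code; it re-creates PHP's addslashes() to show that the payload in the tweet passes through it unchanged, then shows the type check, the parameterized query and the argv form. The table, the image row and the tool name `convert-tool` are constructed.

```python
import re
import sqlite3


def addslashes(value: str) -> str:
    """Python re-creation of PHP's addslashes(): backslash-escapes ' " \\ and NUL.
    It only helps inside a quoted SQL literal; an unquoted number is untouched."""
    return re.sub(r"([\\'\"])", r"\\\1", value).replace("\0", "\\0")


def build_query_unsafe(raw_id: str) -> str:
    """The puzzle's pattern: escaped but unquoted interpolation (kept to show why it fails)."""
    return f"SELECT path FROM images WHERE id = {addslashes(raw_id)}"


def parse_image_id(raw_id: str) -> int:
    """Fix 1: validate the type before the value reaches SQL or a process."""
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        raise ValueError(f"invalid image id: {raw_id!r}")
    return int(raw_id)


def lookup_path(conn: sqlite3.Connection, raw_id: str):
    """Fix 2: bound parameter, so the value is never part of the SQL text."""
    row = conn.execute(
        "SELECT path FROM images WHERE id = ?", (parse_image_id(raw_id),)
    ).fetchone()
    return row[0] if row else None


def converter_argv(path: str) -> list:
    """Fix 3: argv list for subprocess.run(argv, shell=False). The path is a single
    argument and is never re-parsed by a shell. 'convert-tool' is a hypothetical name."""
    return ["convert-tool", "--input", path]


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, path TEXT NOT NULL)")
    conn.execute("INSERT INTO images VALUES (1, 'uploads/cat.png')")
    return conn


if __name__ == "__main__":
    print(build_query_unsafe("1--$(id>foo)"))  # comment sequence survives addslashes()
    conn = demo_db()
    print(lookup_path(conn, "1"), converter_argv(lookup_path(conn, "1")))
```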
Can you spot the vulnerability?
#codeadvent2021 #c Does anybody know where to buy a big Faraday cage? pic.twitter.com/FS87JHR9MS
Can you spot the vulnerability?
#codeadvent2021 #php One bug? Two bugs? You decide! pic.twitter.com/2u4GBmSUF6
Extracted files are sanitized against Path Traversals. However, after two dots were removed from the target filename, backslashes were removed. This means that an attacker could craft a path such as .\./.\.shell.jsp, which turns into ../../shell.jsp
Can you spot the vulnerability?
#codeadvent2021 #java How can you do a path traversal if all dangerous characters are removed? pic.twitter.com/S1XyZPnMvP
You can achieve RCE by uploading a malicious file called `img-converter.exe` that will then be executed instead of the one installed on the system.
When executing commands by name (e.g. `img-converter`) on Windows, the OS looks for the executable in the current directory first and only after that in the PATH. This applies here because the command is executed in the directory where the file is copied to.
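The fix for both tweets above is to stop looking up the tool by name: resolve the converter once from an administrator-controlled directory to an absolute path, and never run it with the upload directory as the working directory. The Python example below is added here and is not the project's code; the tools and uploads directories are constructed in a temporary folder, and an upload reusing the converter's file name is created to show that it only ever appears as an argument.

```python
import os
import tempfile


def trusted_executable(tool_dir: str, file_name: str) -> str:
    """Resolve the converter from a fixed, admin-controlled directory and return
    an absolute path. With an absolute path there is no lookup by name, so
    CreateProcess on Windows (and execvp on POSIX) never consults the current
    directory or PATH. Pass the result as argv[0] to subprocess.run(argv)."""
    root = os.path.realpath(tool_dir)
    candidate = os.path.realpath(os.path.join(root, file_name))
    if os.path.dirname(candidate) != root or not os.path.isfile(candidate):
        raise FileNotFoundError(f"{file_name!r} is not installed in {root}")
    return candidate


def convert_command(executable: str, upload_dir: str, uploaded_name: str) -> list:
    """argv for subprocess.run(): absolute executable first, the upload as a plain
    argument. The upload directory is never used as cwd for the tool."""
    if not os.path.isabs(executable):
        raise ValueError("executable must be an absolute path")
    uploads = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(uploads, os.path.basename(uploaded_name)))
    if os.path.dirname(target) != uploads:
        raise ValueError(f"upload name escapes {uploads}: {uploaded_name!r}")
    return [executable, "--input", target]


def demo_lookup() -> dict:
    """Constructed layout: the real tool in tools/, and an upload that reuses its name."""
    with tempfile.TemporaryDirectory() as tmp:
        tools = os.path.join(tmp, "tools")
        uploads = os.path.join(tmp, "uploads")
        os.makedirs(tools)
        os.makedirs(uploads)
        real = os.path.join(tools, "img-converter.exe")
        open(real, "w").close()
        open(os.path.join(uploads, "img-converter.exe"), "w").close()  # same name, untrusted
        exe = trusted_executable(tools, "img-converter.exe")
        argv = convert_command(exe, uploads, "img-converter.exe")
        return {
            "executable_in_tools": os.path.dirname(exe) == os.path.realpath(tools),
            "argv0_absolute": os.path.isabs(argv[0]),
            "upload_is_argument_only": argv[2].startswith(os.path.realpath(uploads)),
        }


if __name__ == "__main__":
    print(demo_lookup())
```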
Can you spot the vulnerability?
#codeadvent2021 #javascript #express Sometimes bugs are in the code but they depend on the OS. What can go wrong here on Windows but not on Linux? pic.twitter.com/W5D4KMovh6
It was an easy one for the weekend: after looking at python_jwt, we can notice that the function at line 10 processes the token but does not verify its signature. Thus, in line 12, an attacker can impersonate any user, resulting in login bypass.
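What "processes the token but does not verify its signature" means in practice is shown by the Python example below, which is added here and is not the tweet's code or the python_jwt library. It implements HS256 minting and verification with the standard library only: `decode_unverified` mirrors the bug (reads the claims, ignores the third segment), while `decode_verified` pins the algorithm, recomputes the MAC and compares it in constant time. The key and the claims are constructed.

```python
import base64
import hashlib
import hmac
import json


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a compact JWT (header.payload.signature) with HS256."""
    header = _json_segment({"alg": "HS256", "typ": "JWT"})
    payload = _json_segment(claims)
    signature = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def decode_unverified(token: str) -> dict:
    """The puzzle's bug: claims are read without checking the signature segment.
    Acceptable only for logging a claimed subject, never for an authorization decision."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def decode_verified(token: str, key: bytes) -> dict:
    """The fix: pin the algorithm (this also rejects 'none'), recompute the MAC
    over header.payload and compare in constant time before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def swap_claims_keep_signature(token: str, claims: dict) -> str:
    """The kind of token an unverified parser accepts: new claims, original signature."""
    header_b64, _payload_b64, signature_b64 = token.split(".")
    return f"{header_b64}.{_json_segment(claims)}.{signature_b64}"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; use a random secret in real deployments
    token = sign_hs256({"user": "alice"}, key)
    tampered = swap_claims_keep_signature(token, {"user": "admin"})
    print("unverified sees:", decode_unverified(tampered))
    try:
        decode_verified(tampered, key)
    except ValueError as exc:
        print("verified rejects:", exc)
```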
Can you spot the vulnerability?
#codeadvent2021 #python Find a bypass and login as an admin! pic.twitter.com/Tyla5lBROk
When parsing the JSON data, fastJSON invokes CSRFToken’s setters, leading to a command injection. This is the theory behind crafting "chains" to exploit arbitrary deserialization vulnerabilities, based on the behaviour of the library and the available classes.
Here is the answer: there are two ways to serialize classes in PHP, both with O: and C:. The second encoding mode is not supported by the blocklist, and arbitrary objects could then be deserialized! It's not enough to get RCE, but it's a good start.
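The C# and PHP puzzles above share one lesson: deserialization is only safe when the loader decides, per class, whether that class may be instantiated, rather than when the input is screened for one marker (`O:`) or one known gadget. The Python example below is added here and is not code from either tweet; it shows the allowlist form with pickle, whose find_class hook is consulted for every class reference in the stream regardless of which opcode or encoding carried it. The allowed set and the sample objects are constructed; the rejected one is a harmless OrderedDict, chosen only because it is outside the allowlist.

```python
import collections
import io
import pickle

# Constructed allowlist: the (module, name) pairs this application actually expects.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist instead of blocklist: every class the stream tries to load goes
    through find_class, whatever opcode (GLOBAL, STACK_GLOBAL, ...) referenced it."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"class {module}.{name} is not allowed")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads() for data from an untrusted source."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo_deserialize() -> dict:
    """Constructed inputs: plain containers load, anything referencing a class that
    was never allowlisted is refused before any constructor or setter can run."""
    plain = pickle.dumps({"user": "alice", "roles": ["viewer"]})
    other = pickle.dumps(collections.OrderedDict(user="alice"))
    out = {"plain": safe_loads(plain)}
    try:
        safe_loads(other)
        out["other"] = "loaded"
    except pickle.UnpicklingError:
        out["other"] = "rejected"
    return out


if __name__ == "__main__":
    print(demo_deserialize())
```

Containers such as dict and list are built from opcodes without a class reference, so they load without consulting find_class; the moment the stream names a class, the allowlist decides, which is the property a blocklist on `O:` could not provide.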
Can you spot the vulnerability?
#codeadvent2021 #csharp You can never go wrong with JSON. pic.twitter.com/TQy4b83FuA
Can you spot the vulnerability?
#codeadvent2021 #php No more unsafe deserialization with this simple trick. pic.twitter.com/0G0BdL5J29