Collaborate Disseminate
I have a legacy Windows application that needs to be looked over in terms of security. During this review something caught me eye. In the out of process COM server I’m looking at is a method that accepts an arbitrary class pointer. The met… Continue reading Is accepting arbitrary COM pointers over a process boundary safe?
I am doing a bug bounty. I intercepted the POST request to the inscription in the target website. I modified the first name and last name POST params to inject bad char (in order to SQL inject) but the API/Registration service sends me a r… Continue reading Is SerializationException sign of Serialization/Deserialization vulnerability?
I wanted to exploit my IIS CVE-2020-0688, which I saw that the key is the same as advertised.
The problem is that my IIS is old, and uses AppPool of .NET 2 and not .NET 4. Also I can use only GET as I don’t see a POST request using the vi… Continue reading Exploit CVE-2020-0688 for older versions
While performing a file upload, a template parameter is sent together with file. Service acts differently when different parameters are passed.
I need help to figure out what this parameter contains.
Here are two examples:
7b0fc4f83d3fc32… Continue reading Help to understand what’s inside base64 string [migrated]
I need help with the following issue, I need to generate a series of gadgets/payloads to exploit a blind java deserialization as the article[1](see article to see script) it creates a python script to automatically generate a… Continue reading How to encode base64 + gzip in python [closed]
tl;dr
I would love a detailed explanation how user-controlled input goes from readObject to RCE. Java-specific.
The background
This is my attempt to add specificity to the OP question as requested in the answer here.
I have been slowly but… Continue reading How do gadget chains work in relation to Java Deserialization attacks?
I have minimal experience exploiting deserialization vulnerabilities and I am working on and I have identified the following URL endpoint. This is it URL Decoded:
/Account/Register?Count=0&Keys=System.Collections.Gener… Continue reading Deserialization Opportunity?
Our own [Pat Whetman] wrote about a clever technique published by the University of Michigan, where lasers can be used to trigger a home assistant device. It’s an interesting hack, and you should go read it.
We’ve lived through several IPv4 exhaustion milestones, and the lack of …read more
Continue reading This Week in Security: BGP Bogons, Chrome Zero Day, and Save Game Attacks
For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental change to a default setting and how that change in R… Continue reading Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist
Enterprise organizations have built much of their foundations on Oracle’s WebLogic servers. As ubiquitous as they are, it’s no wonder that they are often the target of sophisticated attacks aimed at harvesting sensitive data. It’s no surprise that lar… Continue reading Serialization: Protecting Enterprise Critical Applications