Collaborate Disseminate
I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same machine where the XML parser runs, I start… Continue reading could XXE vulnerability lead to an RCE
Instead of using ESP , to get the return address, why not use EBP and sum it 4 ? thats the location of return address…is that possible?
thanks!
andre
Continue reading buffer overflow use ebp instead of esp (ebp+4 = ret address)
As per the NVD description and the httpd official website, the vulnerability states:
"Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a Null Pointer dereference, leading to a crash of the server
process, … Continue reading how to exploit CVE-2024-36387 in httpd [closed]
I am learning about shellcode development in C with an example from here. I can compile the assembly code and get de opcodes, also I can run successfully the ELF compiled with NASM, but I get a segmentation fault when I run the C test appl… Continue reading Segmentation fault in C shellcode x64
I am running nmap on an http server, and I got the netty version used by the server.
Netty version used is 9.4.53.v20231009 , I tried to check online for CVEs related to this version, and it seems this versions is not directly linked to CV… Continue reading can vulnerabilities in transitive dependencies be exploitable?
I’m trying to overwrite the return address caused by a buffer overflow. I’ve already calculated the distance between the buffer and the return address. The address that I want to jump to is 0x00005555555314 but every time I try to use \x14… Continue reading Can’t print hexadecimal formatted address in buffer overflow
I have asked this question on The WorkPlace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency in using MetaSploit framework for automa… Continue reading How can I safely write in my resume that I have written a MetaSploit exploit module without making employers nervous?
It was hard to find papers on the applications of logical paradoxes(such as how Turing’s proof of the halting problem) or automata theory on penetration testing or exploit discovery. What are some projects one could work on to delve furthe… Continue reading What are some applications of automata theory and logical paradoxes on penetration testing and exploit discovery? [closed]
I discovered reading the documentation for int() in python that I could execute operating system commands if something like the following were passed to the int() constructor:
type(”,(),{‘a’:5,’b’:6,’c’:7,’__int__’:lambda x : exec("i… Continue reading Python Code Injection With int()
I am working through this guide and trying to implement a basic x64 buffer overflow on Linux.
I am having an issue whereby if the address I provide is a valid address and points at valid instructions it will not be loaded into RIP (I don’t… Continue reading Overwriting a value won’t load into RIP on x64 Linux