Thank you Palo Alto Networks! https://securityadvisories.paloaltonetworks.com/
Full Disclosure – Veeam Backup Enterprise Manager Service v9
Vendor: Veeam Product: Veeam Backup Enterprise Manager Service v9.0.0.902 Type of vulnerability: Multiple, persistent Cross Site Scripting CVSS: 4.1 (AV:A/AC:L/Au:S/C:P/I:P/A:N) CVE: requested Exploit-DB OSVDB: Discovered by: GoSecure! Date of discovery: 16 september 2016 First contact with vendor: 18 september 2016 – Case Id: 01702458 Patching date: 24 march 2016 Full Disclosure: 25 march 2016 Details: A cross site scripting web vulnerability has been… (read more)
Barracuda Hall of Fame
Thank you Barracuda 😀 https://barracudalabs.com/research-resources/bug-bounty-program/bug-bounty-hall-of-fame-2/
Privilege escalation using Windows Credential Editor
As I wrote in this article is often trivial to become local admin on MS system if there isn’t a strong and clear security policy, but it’s also the same in a Unix environment. What is the next step? If an attacker becomes local admin of a company’s PC the next step is to become… (read more)
Full Disclosure – IPSwitch IMail Server WEB client vulnerability
Vendor: IPSwitch Product: IMail Server WEB client. Tested on 12.3 and 12.4 before 12.4.1.15 Type of vulnerability: Persistent Cross Site Scripting CVSS: 3.4 – Vector CVE: 2014-3878 Exploit-DB 33633 OSVDB: 107700 107701 107702 Discovered by: GoSecure! Date of discovery: 30 march 2014 First contact with vendor: 31 march 2014 – Case Id: 2-199617 Patching date:… (read more)
Sethc: Access to every PC and become local Admin
This article talk about to connetting to a pc when you don’t have password and: – you have physical access to the pc – you can boot from a CD/usb/other HD This is an old method that I rediscovered after many years and, with big surprise, is still present on modern MS operating systems (win… (read more)
Mysql_escape_string: the charset vulnerability
The mysql_escape_string is a deprecated and vulnerable PHP function used to sanitize the user input before it reaches the mysql query. It escapes most of special character that can be used by a malicious user to perform SQLi. This is an exampre of how the function works: root@bt:~# cat /tmp/esc_str.php <? … (read more)
Create a custom shellcode using System() function
Recently I have to write a custom shellcode that accommodate some specific features. Basically I have to avoid the use of some functions like WinExec() and ShellExecute() to create a remote code execution and insert it as payload in a test exploit. I have to search some other function that allow me to execute command… (read more)
Use Crontab to schedule tasks on Linux
You can use Crontab to schedule the execution of tasks. The command crontab -l list all the scripts already scheduled on your machine and the option -e runs the editing mode. The basic format string looks like this: A B C D E /bin/do_something.sh Where A = minutes (0-59) B = hours (0-23) C =… (read more)
The Password Attacks on Kali Linux. [Part 2]
This is a part of my article “The Password Attacks on Kali Linux” published on PenTest Magazine. I have the right to do up to 100 downloads of that magazines, so If you are interested on it you can download PenTest Extra 04_2013 for free using the following link. The only thing you need is… (read more)