Category

Web Application Security

New critical Apache Unomi exploit was released yesterday. As an official press release says: “Apache Unomi is the industry’s first reference implementation of the upcoming OASIS CDP specification (established by the OASIS CXS Technical Committee, which sets standards as a core technology for enabling the delivery of personalized user experiences). As a reference implementation, Apache Unomi serves as a real world example of how the standard will be stable, and is quickly gaining traction by…

In the latest version of Wallarm Node, we integrated a new attack detection engine that works alongside the existing detection methods. Libdetection is a unique open-source project (https://github.com/wallarm/libdetection) that provides signature-free payload detection by implementing syntax analysis and the basic theory of grammars. Libdetection uses a formal model for attack detection, which allows it to make a decision based on the type of attack. This approach allows us to implement the…

In a recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented the wallarm/jwt-secrets GitHub repository with 340 publicly available JSON Web Token secrets. Using this data, it is possible to check whether you or your developers forgot to change default secrets or used a weak third-party library with them. The project has not stalled, however, and today we are happy to announce a huge update, which includes more than 1800 new JWT secrets grabbed from public sources like…

This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It is useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following Docker container: `docker run -p7001:7001 --name weblogic --rm vulhub/weblogic:12.2.1.3`. Again, we need to have management rights and access to the administrator console (the /console web endpoint) to cause remote code execution in Oracle WebLogic. In…

A lot of information about detected malicious requests is already available in the Wallarm console UI. However, the search functionality of the Wallarm UI does not provide full visibility into every type of potential attack or the full details of a particular alert. If this level of visibility is desired, a script can use the Wallarm API to extract this data and send it to one of several targets. This article provides an…