Tag

Vulnerability

Browsing

Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration file. It works at most popular UNIX-like systems. CVE-2018–19518 was assigned to the vulnerability was found by a man with the @crlf nickname. Let’s see details of that vulnerability and how can we exploit it. Testing Environment For testing manipulations, we need to up a testing environment. I’ll use docker container with Debian 9…

A key element of any security solution, whether its a WAF, NGWAF, RASP or even a SIEM or a classic IDS, is the ability to correctly detect whether an incoming API request is malicious. The traditional way to do it is using signatures and regular expressions (regex). Some sets of signatures are open-sourced such as Core Rule Set, others are commercial sources of signatures. Although wide-spread, classifying inputs with the help of signatures is not…

In a recent article published by Security Boulevard, we talked about OWASP Top 10 Risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you’ve been lead to believe. The following is an OWASP Risk Overlap diagram (based on the Security Boulevard article) will be used to illustrate different threat intelligence and detection mechanisms. The following color-coded visual aids help understand…

New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user execute commands in the target system by means of a single request. The problem is further aggravated by the fact that it puts all the most current versions of the application (7.x and 8.x branches, up…

Ruby on Rails is a popular application platform that uses cookies to identify application sessions. The cookie consists of two parts: cookie-value and signature. Whenever Rails gets a cookie, it verifies that the cookie has not been tampered with by verifying that the hash/signature of the cookie-value sent matches the signature sent. Demarshalling cookies to retrieve the content generally consists of three logical steps: url_decoded_cookie = CGI::unescape(cookie_value) b64_decoded_session = Base64.decode64(url_decoded_cookie) session = Marshal.load(b64_decoded_session) During many…