Pentesting a ClickHouse DB
I recently ran across an application that allowed access to a ClickHouse DB for my user. The access was allowed, so that isn't an issue. However, when we as pentesters or bug…
tag
22 posts
I recently ran across an application that allowed access to a ClickHouse DB for my user. The access was allowed, so that isn't an issue. However, when we as pentesters or bug…
A while back the illustrious team over at Project Discovery wrote about the discovery of an SQLi in Masa/Mura CMS . It's a good writeup, so go check it out for the technical…
If you're a pentester or bug bounty hunter that is trying to do some iOS mobile application testing, half the battle is getting a phone properly jailbroken so you can proxy HTTP…
Note: disregard any layout/content/formatting errors as this post was migrated from wordpress to jekyll As mentioned in a previous post, I was the July RotM for the DoD VDP…
I was recently awarded the DoD Researcher of the Month for July, 2023 . Between moving across the country and other hacking duties, I still had time to hammer away at a particular…
PyMedusa is a well known video library manager that many of us self hosted types may use to organize our libraries. I decided to give it a spin one day and found a classic OS…
I found a textbook SQLi in the Eufy Security application. Don't mind the heavy use of red blocks to redact. The first, normal request. Everything looks fine. Notice the response…
Organizr is a self hosted application written in PHP that basically helps you self host other services at your home. It's nifty application with a surprisingly large amount of…
I've continued my quest to translate exploits into Golang. Here is an RCE in Webmin due to broken access controls. Please see the following links for more information.…
These were given CVE 2022 43263 and CVE 2022 43264. I found these vulnerabilities in the latest version of Guitar Pro (1.10.2) on the iPad and iPhone. Neither one is that great of…
Once again, I decided to rewrite an exploit in Golang. Once again, I did thirty seconds of searching to find if someone had already written this one in Golang. Once again, I did…
Let's say you're doing a pentest, and you run across access to AWS Lambda. I recently learned you can get a persistent shell (for 15 minutes, at least) via Lambda, which seemed…
The weather station issues were given CVE 2022 35122 . I contacted the manufacturer in regards to these issues. They responded quickly. I wasn't expecting anything to be done…
This was given CVE 2022 35122. I recently purchased the ECOWITT GW1102 Home Weather Station . It's exactly what it sounds like a mini weather station for your house. It has all…
Prerequisites and Getting Started I sometimes like to spin up a virutal machine in the cloud, do some testing, and then tear it down. It doesn't even have to be for bug bounty…
This was given CVE 2022 25568. As mentioned in my previous posts here and here , I've done a little digging into the conditions that are required for the MotioneEye config file to…
Newer versions of Linux may not come with any sort of Python 2 installed. I recently wanted to run Sharpshooter , which is a "payload creation framework for the retrieval and…
I've been wanting to learn Go, and I learn by doing, so I decided to write a POC for CVE 2021 22205, which is fairly straightforward RCE in Gitlab that dropped a few weeks ago. My…
Getting Started with MotionEye MotionEye is an open source, web based GUI for the popular Motion CLI application found on Linux. I've known of the Motion command line app for…
I've been testing some new Python based CMSs and CMS like software. I've heard of Plone before, but I never had a chance to check it out until now. I was a couple of days into my…
A pull request has been submitted to remove this functionality and to depricate the old pickled settings, which is a wise security decision. Edit: This vulnerability has been…
TLDR: Read the code before you install random qbittorent plug ins. qBittorrent has a feature that allows you to install a search plugin to search for torrents on your favorite…