Tag: exploit

    Compact view
  • July 27, 2022
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2022 Python vulnerabilities : Code execution in jinja templates
  • May 25, 2022
    CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php

    LimeSurvey v5.3.9 and below allows attackers to include javascript or HTML code in the config.xml file of a plugin.
    May 25, 2022 CVE-2022-29710 - LimeSurvey - XSS with plugin upload in uploadConfirm.php
  • August 26, 2021
    Python context free payloads in Mako templates

    We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    August 26, 2021 Python context free payloads in Mako templates
  • July 27, 2021
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2021 Python vulnerabilities : Code execution in jinja templates
  • March 24, 2021
    Python format string vulnerabilities

    Python format strings can be very useful but they can be prone to vulnerabilities when misused.
    March 24, 2021 Python format string vulnerabilities
  • March 10, 2021
    Exploiting Micro Focus Enterprise Server Administration (ESA) 1.09.56 to root the host

    In this article I will demonstrate how to exploit Micro Focus Enterprise Server Administration (ESA) 1.09.56 to create a root account on the host server
    March 10, 2021 Exploiting Micro Focus Enterprise Server Administration (ESA) 1.09.56 to root the host
  • February 17, 2021
    Exploiting CVE-2020-14144 - GiTea Authenticated Remote Code Execution using git hooks

    The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood.
    February 17, 2021 Exploiting CVE-2020-14144 - GiTea Authenticated Remote Code Execution using git hooks
  • September 20, 2020
    CVE-2020-16147 - Telmat - Unauthenticated root RCE

    An unauthenticated code injection on the login page of Telmat AccessLog, Gît@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.
    September 20, 2020 CVE-2020-16147 - Telmat - Unauthenticated root RCE
  • September 20, 2020
    CVE-2020-16148 - Telmat - Authenticated root RCE

    An authenticated code injection on the Administration avancee (Advanced administration) page of Telmat AccessLog, Git@Box and Educ@Box with software version <= 6.0 (TAL_20180415) allows Remote Code Execution (RCE) as root.
    September 20, 2020 CVE-2020-16148 - Telmat - Authenticated root RCE