piątek, 27 marca 2020

Creating poc for preauth Symantec Web Gateway RCE

Last time we talked about postauth RCE bug I found in Symantec Web Gateway. Today we'll try to find few more bugs - this time for unauthorized users. Here we go...

czwartek, 26 marca 2020

Postauth RCE in Symantec Web Gateway

Last time I decided to check Symantec Web Gateway (version I tried was Below you will find few notes from the journey. Here we go...

czwartek, 19 marca 2020

Creating poc for NagiosXI 0day

I see you liked the 'NagiosXI series' ;) so I prepare a quick step-by-step tutorial for you. Reader will be able to create his/her own working poc for the 0day bug(s) described here. Here we go...

środa, 18 marca 2020

sobota, 14 marca 2020

piątek, 13 marca 2020

Postauth SQLi in latest NagiosXI 5.6.11

Yesterday I found that latest NagiosXI (5.6.11) is vulnerable to multiple (postauth) XSS bugs. Today I decided to continue the research to find out if I will find some other bug(s). Below you will find the details. Here we go...

środa, 11 marca 2020

Nagios 5.6.11 XSS'd

Because today most of time I was in a train... most of time I spent on checking latest Nagios XI (5.6.11) VM. :) Below you will find few notes about it. Here we go...