wtorek, 26 czerwca 2018

Exploiting CyberArk 10.2.1.603

Some time ago I found few bugs in CyberArk (version 10.2.1.603). I think that because all of them are 'for logged-in users only' - maybe you will find it useful. ;) Few details below...

Csharp: VulnJson - CTF

Below you will find some notes from Csharp: VulnJson - another nice CTF hosted by VulnHub. This time we will try to exploit SQL injection via JSON. Let's do it...

poniedziałek, 25 czerwca 2018

Fiddler Bug - case 01

One day I started Fiddler in a different way than usual. Below you will find few notes about it... ;]

billu b0x - CTF

When I was waiting for the results from john from the last post I decided to run another VM with new CTF box. This time I tried "billu: b0x" - machine prepared by Manish Kishan Tanwar. I started from...

Crashing Photoshop CS3

Last time when I was fuzzing I had a pleasure to find few bugs in one IBM product... This time you will find few similar bugs but for Adobe Photoshop CS3. Portable version is available somewhere online, so let's get to the details...

niedziela, 24 czerwca 2018

De-ICE: S1.140 - CTF

In the middle of time I was playing another cool CTF hosted by VulnHub. This time I decided to try De-ICE: S1.140 prepared for the series called ... De-ICE ;] Here we go...

WriteAV / NullPtrDeref for IBM Lotus Notes 8.5

Below you will find few new files from my 'small fuzzing session(s)'. Some older cases you can also find here but below we will present the crash of IBM Lotus Notes 8.5.3. Here we go...