Sunday, 21 October 2018

Misconfigured Redis

One of the categories of VMs available on Bitnami was tagged as #database. I decided to check Redis this time. My goal was to install it on a clean Ubuntu 18 server and configure it as 'vulnerable'. Let's say it will be our small 'vulnerable Redis Lab' ;) Here we go...

Thursday, 4 October 2018

OpenLDAP - from XSS to RCE

Today I was using the OpenLDAP VM from TurnKeyLinux (version 1.2.3 - available here). After I found a small bug (post-auth stored XSS), I was wondering how I could use it during my 'pentest'. Below you will find an example.

Here we go...