Tuesday, 31 December 2019

Postauth RCE in latest NagiosXI

Last time I described a few XSS bugs in the latest Nagios (5.6.9). During the research and code review I found a possibility for RCE. Below you will find the details from the journey. Here we go...

Monday, 30 December 2019

Multiple XSS bugs in Nagios 5.6.9

This time I decided to check the latest version of Nagios (5.6.9). Below you'll find a few details from a few hours of testing. Here we go...

Saturday, 28 December 2019

Testing SSRF in LiquiFireOS

During one bug bounty I found that the target webapp was presenting some 'interesting errors' in its responses. ;) As this is always a nice and cool 'hint' to see during pentests/CTFs, I decided to dig a little bit more. Below you will find the details of the SSRF found in LiquiFireOS. Here we go...

Friday, 27 December 2019

Testing Android apps - mini lab

Last time we talked about Android apps on the blog, we tried to play "Assassin's Creed". Today I decided to build a small lab to prepare it for future projects. Below you'll find a few notes about it. Here we go...