wtorek, 31 grudnia 2019

Postauth RCE in latest NagiosXI

Last time I described few XSS bugs for latest Nagios (5.6.9). During the research and code review I found a possibility for RCE. Below you will find the details from the journey. Here we go...

poniedziałek, 30 grudnia 2019

sobota, 28 grudnia 2019

Testing SSRF in LiquiFireOS

During one bugbounty I found that the target webapp is presenting some 'interesting errors' in responses. ;) As this is always a nice and cool 'hint' to see during pentests/ctfs I decided to dig a little bit more. Below you will find the details for SSRF found in LiquiFireOS. Here we go...

piątek, 27 grudnia 2019

Testing Android apps - mini lab

Last time when we talked about Android apps on the blog we tried to play "Assasin's Creed". Today I decided to build a small lab to prepare it for future projects. Below you'll find few notes about it. Here we go...