sobota, 29 kwietnia 2023

Fuzzing Fortigate 7

Continuing my journey with the Mutiny Fuzzing Framework one of the apps I decided to test was a Fortigate 7.x VM (what I initially described during the last TheHackSummit conference). Below you'll find more details about it. Here we go... 

sobota, 22 kwietnia 2023

Protocols Mutiny

From time to time I'm posting here some of the bugs I found in the past during my (file format) fuzzing adventures. This time we'll (again) try to focus a bit more on the protocol fuzzing scenarios. To continue - we will use Mutiny Fuzzing Framework. Here we go...

czwartek, 20 kwietnia 2023

Bruting FortiGates

After my previous adventures with FortiGate VM's I decided to check it again and finally finish some of the ideas I was talking about during the last The Hack Summit Conference (PL, 2022). One of them was to bypass FortiGate's "anti-bruteforce protection". Below you'll find the details about it. Here we go...

Postauth SQL injection in ZoneMinder 1.34.25

Few weeks ago I was looking for some (web) apps related to RTSP. Somehow I landed in TurnKeyLinux page where I found a VM with ZoneMinder (1.34.25).  Below you will find the details about the (postauth SQLi) bug I was able to spot. Here we go...

środa, 19 kwietnia 2023

Fuzzing DICOM - Crashing PaxeraHealth Viewer

After checking few other apps I found for fuzzing DICOM files I tried PaxeraHealth Viewer. Below you will find the details about it. Here we go...

Fuzzing DICOM - Crashing AMIDE

Similar to previous cases related to fuzzing DICOM software I used the same approach and decided to check the application called AMIDE. Few details about it you can find below. Here we go...

Fuzzing DICOM - Crashing MicroDicom

Just like before I found an application that was able to handle my fuzzing scenario so I decided to give it a try. Details from another 'night fuzzing session' you will find below. Here we go...

Fuzzing DICOM - (Local) Crashing Sante PACS Server

Few months ago I decided to fuzz a software related to DICOM file format. Quick local buffer overflow found in one of them - Sante PACS Server - is presented in the details below. Here we go... 

sobota, 15 kwietnia 2023