• gab.com XSS

    Gab is a microblogging service, primarily based on Mastodon. It’s maintained by some hard right wing weirdos with questionable expertise. They had an XSS vulnerability (one amongst many types of issues, it turned out) and was patched 2021-02-26. It’s written in Ruby and I don’t know Ruby at all but it’s pretty obvious what the […]

  • CMS Made Simple Blind SQL Injection, Resurrected

    This was found while working on a HackTheBox challenge. I won’t go into details of the challenge, because that’s not the point. The challenge box was running an old version of CMS Made Simple, a Content Management System written in PHP. When approaching the box, it’s easy to determine the version and find the public […]

  • iDRAC6 web session hijacking

    iDRAC provides out-of-band access to managed servers. It allows you to manage a remote server, providing access to the screen and other management functions. Most server manufacturers offer similar capabilities (e.g. iLO, IPMI, …). In effect, it’s an IoT device that is wired into the server allowing access even while the server is powered off. […]

  • Siteminder Memory Leak

    CA Siteminder is an authentication provider for web interfaces. It’s widely deployed and can be used as a Single Sign-On for web services. It has an interesting bug which is surprising for a web interface, it was incorrectly decoding URL encoded content. This provides two interesting attacks, one more serious the other only useful as […]