Posts

Exploiting Struts RCE on 2.5.26

Abstract

Late last year (2020), Apache Struts published a fix for a remote code execution (RCE) vulnerability discovered by Alvaro Munoz and Masato Anzai. It goes by S2-061 or CVE-2020-17530 and is described as "Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution - similar to S2-059" (CVE-2019-0230). While fixes to both have helped in limiting the vulnerable scenarios while using the Struts2 library and strengthening its sandbox, remote code execution is still possible in the latest versions of Struts 2.5.26. While the sandbox escape written below is new and works on Struts 2.5.26, it was just mentioned to me that this OGNL evaluation was originally reported by Man Yue Mo and Alvaro Munoz. Please check out their great work here: https://securitylab.github.com/research/apache-struts-double-evaluation/ … https://securitylab.github.com/advisories/GHSL-2020-205-double-eval-dynattrs-struts2/ The

Hello World

  class HelloWorld {
      public static void main(String[] args) {
          System.out.println("Hello, World!");
      }
  }

Adobe XSS Vulnerability Discovered - Responsibly Disclosed

Recently I stumbled upon an XSS vulnerability in one of Adobe's services and reported it to their security team. It took less than 2 weeks to address the issue and produce a fix. Well done. Here is the link to their acknowledgments: http://helpx.adobe.com/security/acknowledgements.html

Google Security Vulnerability Discovered - Responsibly Disclosed

About a month ago I stumbled upon a vulnerability in one of Google's services and reported it to their security team. In less than 48 hours they had quickly addressed the issue and validated its legitimacy and importance. I was quite impressed by how fast they were able to reply to my email and was glad to see how seriously they took the issue. Well done. Here is the link to their hall of fame list: http://www.google.com/about/appsecurity/hall-of-fame/reward/