This week in infosec: links

March 4, 2022    Post  


CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO - Apache JSPWiki is a leading open source Wiki engine, feature-rich and built around standard JEE components (Java, servlets, JSP), according to the Apache website. It appears to be a common Java CMS used to host Wikipedia-style websites and seems fairly widespread.

Chainbreaker2 - Chainbreaker can be used to extract the following types of information from an OSX keychain in a forensically sound manner:

  • Hashed Keychain password, suitable for cracking with hashcat or John the Ripper
  • Internet Passwords
  • Generic Passwords
  • Private Keys
  • Public Keys
  • X509 Certificates
  • Secure Notes
  • Appleshare Passwords

Thick Client Penetration Testing — TCP traffic interception using mitm_relay and Burp - Thick client applications are applications that provide a rich set of functionality and run on the user's machine independently of the server. These kinds of applications usually need to follow an installation procedure, either through an installation package or by being set up manually.

How I bypassed PHP functions to read sensitive files on server - During a penetration test of a target, the nuclei results showed that the organization's website was vulnerable to a code execution vulnerability, CVE-2017-9841. The CVE-2017-9841 vulnerability lets a user run PHP code remotely on vulnerable websites; by exploiting a flaw in PHPUnit, it lets us run the PHP code we want and read sensitive files.

Exploiting CVE-2021-26708 (Linux kernel) with sshd - Alexander Popov has published an article, Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel, which uses a four-byte overwrite vulnerability for privilege escalation. It is an excellent article in which you can find all the details needed to reproduce the privilege escalation.

Hunting for bugs in VMware: View Planner and vRealize Business for Cloud - Last year we found a lot of exciting vulnerabilities in VMware products. They were responsibly disclosed to the vendor and have been patched. This will be one of a couple of articles disclosing the details of the most critical flaws. This article covers unauthenticated RCEs in VMware View Planner (CVE-2021-21978) and in VMware vRealize Business for Cloud (CVE-2021-21984).

OAuth and PostMessage - Chaining misconfigurations for your access token - An OAuth misconfiguration was discovered in the redirect_uri parameter at the target's OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of the callback endpoint using the ../ sequence. It was chained with a postMessage misconfiguration at a different subdomain, https://xyz.target.com/something/somepage.html, that used the same IDP to authenticate the user, which led to access token leakage and account takeover.
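The redirect_uri weakness above comes down to prefix matching that lets ../ (or its percent-encoded form) walk the callback path elsewhere on the host. The following is an added example, not code from the write-up or the target, showing a naive prefix check beside an exact-match check that rejects dot segments; the registered callback URI is a constructed placeholder.

```python
from urllib.parse import urlsplit, unquote

# Constructed placeholder registry for a hypothetical IDP (not from the original post).
REGISTERED_REDIRECT_URIS = {"https://app.target.com/oauth/callback"}


def naive_prefix_check(redirect_uri: str) -> bool:
    """Weak check: anything starting with a registered URI is accepted.
    A '../' sequence appended after the prefix still passes, even though the
    browser will resolve it to a different path on the same host."""
    return any(redirect_uri.startswith(r) for r in REGISTERED_REDIRECT_URIS)


def _parts(uri: str):
    """Split a URI and refuse any path containing '.' or '..' segments,
    including percent-encoded ones such as '%2e%2e'."""
    p = urlsplit(uri)
    segments = [unquote(s) for s in p.path.split("/")]
    if any(s in (".", "..") for s in segments):
        return None
    return (p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment)


def strict_exact_check(redirect_uri: str) -> bool:
    """Hardened check: HTTPS only, no query or fragment, and scheme, host and
    path must equal a registered URI exactly (no prefix or wildcard matching)."""
    parts = _parts(redirect_uri)
    if parts is None or parts[0] != "https" or parts[3] or parts[4]:
        return False
    for registered in REGISTERED_REDIRECT_URIS:
        reg = _parts(registered)
        if reg is not None and parts[:3] == reg[:3]:
            return True
    return False


if __name__ == "__main__":
    traversal = "https://app.target.com/oauth/callback/../../something/somepage.html"
    print("naive :", naive_prefix_check(traversal))   # True  (accepted)
    print("strict:", strict_exact_check(traversal))   # False (rejected)
```

The same exact-match discipline applies to the postMessage side: the receiving page should compare event.origin against an allow-list of full origins rather than a substring of the hostname.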

Re-ReBreakCaptcha: Breaking Google's ReCaptcha v2 using.. Google.. Again - A logic vulnerability dubbed ReBreakCaptcha, still working 5 years later, lets you easily bypass Google's ReCaptcha v2 anywhere on the web.

Jbin Website Secret Scraper V1.4 (Python) - Jbin gathers all the URLs from a website and then tries to expose the secret data in them. It collects both URLs and JS links to scrape secrets out of them. With the new release you can also search a page for a specific string or run a custom regex, and it provides an informative Excel report.