Navigate CMS is "a powerful and intuitive content management system for everybody." This CMS is used to keep multiple websites managed and updated via an easy-to-use user interface. I chose this application to dig into for vulnerabilities so that I could practice for my upcoming OSWE exam, while also potentially getting some CVEs under my belt.
12/22/2023
Intigriti BSides/DefCon challenge
8/31/2023
Similar to traditional buffer overflow attacks, in Solidity, when variables are declared with the legacy uint type (rather than the SafeMath version from OpenZeppelin), they can be overflowed or underflowed to reach unintended values or branches of code. Note: this only applies to Solidity < 0.8, since Solidity >= 0.8 reverts on overflow and underflow by default.

Vulnerable Contract

In the contract below, the lockTime variable can be maliciously manipulated to allow an attacker to withdraw funds immediately, when they should only be able to after a week (see below):

// The following happens upon depositing any amount into the vulnerable contract.
lockTime[msg.sender] = block.timestamp + 1 weeks;
2/7/2022
I recently found a vulnerability type which has been massively under-researched within the public domain, leaving one, maybe two genuinely interesting research posts. In an attempt to fill that void I dove into Neo4j, which uses Cypher queries. Many security specialists will recognise Neo4j from the popular AD hacking tool BloodHound. Note that this post is a WIP, and the more I find, the more I'll add.

Tips / Tricks

Overwriting values in CREATE clauses

CREATE clauses in Neo4j can have values overwritten if we can inject after their initial definition. What this means is, if the query creates an "account" object with an "admin" key that is defined before our injection point, we can overwrite it to True to make our account an administrator.
12/24/2021