[webapps] Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50173
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50173
Exploit Database
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE).. webapps exploit for PHP platform
Un nuevo grupo APT compromete servidores Microsoft IIS utilizando exploits ASP.NET
https://unaaldia.hispasec.com/2021/08/un-nuevo-grupo-apt-compromete-servidores-microsoft-iis-utilizando-exploits-asp-net.html
https://unaaldia.hispasec.com/2021/08/un-nuevo-grupo-apt-compromete-servidores-microsoft-iis-utilizando-exploits-asp-net.html
Una al Día
Un nuevo grupo APT compromete servidores Microsoft IIS utilizando exploits ASP.NET
En los últimos días, servidores web de Microsoft IIS han sido atacados haciendo uso de múltiples vulnerabilidades existentes en ASP.NET.
📃 "Comunica-Brecha RGPD, la herramienta que te asesora ante una brecha de seguridad" https://www.incibe.es/protege-tu-empresa/blog/comunica-brecha-rgpd-herramienta-te-asesora-brecha-seguridad
www.incibe.es
Comunica-Brecha RGPD, la herramienta que te asesora ante una brecha de seguridad | Empresas | INCIBE
Las empresas y autónomos deben enfrentarse en su día a día a situaciones que ponen en riesgo la continuidad de su negocio. Estas amenazas digitales pueden atenazar a la empresa y afectar de forma contundente a su correcto funcionamiento y viabilidad a corto…
[webapps] ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
https://www.exploit-db.com/exploits/50178
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
https://www.exploit-db.com/exploits/50178
Exploit Database
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE). CVE-2020-9496 . webapps exploit for Java platform
PowerSnail - PowerShell alternative/restriction bypass
#PowerSnail #PowerShell
https://reconshell.com/powersnail-powershell-alternative-restriction-bypass/
#PowerSnail #PowerShell
https://reconshell.com/powersnail-powershell-alternative-restriction-bypass/
Penetration Testing Tools, ML and Linux Tutorials
PowerSnail - PowerShell alternative/restriction bypass - Penetration Testing Tools, ML and Linux Tutorials
Zoom pagará U$S 85 millones por mentir sobre el cifrado E2E
https://blog.segu-info.com.ar/2021/08/zoom-pagara-us-85-millones-por-mentir.html
https://blog.segu-info.com.ar/2021/08/zoom-pagara-us-85-millones-por-mentir.html
Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
SentinelOne
Hotcobalt - New Cobalt Strike DoS Vulnerability That Lets You Halt Operations - SentinelLabs
CVE-2021-36798 is a vulnerability in Cobalt Strike server that could allow victims to register a fake Beacon and DoS attackers.
ExploitDB Just tweeted ****************************************** [webapps] GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) https://t.co/7fw2g4DPy7
Exploit Database
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated).. webapps exploit for Multiple platform
[webapps] Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50180
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50180
Exploit Database
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors.
https://www.securityweek.com/vulnerabilities-nichestack-tcpip-stack-affect-many-ot-device-vendors
https://www.securityweek.com/vulnerabilities-nichestack-tcpip-stack-affect-many-ot-device-vendors
SecurityWeek
Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The vulnerabilities are collectively tracked as INFRA:HALT.
PetitPotam sigue sin estar resuelto, y Microsoft sigue recomendado mirar la luna y no el dedo, esto es: deshabilitar la Web PKI en un dominio cuando en realidad el problema son dos: seguir usando protocolo de autenticación NTLM en general, y el hecho de poder conectarte por RPC a al las llamadas MS-EFSR sin autenticación. Pero a alguien se ha acordado de una solución alternativa, puesto que no se sirve parar el servicio de cifrado por completo ni por supuesto bloquear el acceso RPC al sistema: bloquear filtros RPC concretos con netsh.
En la comunicación con pipes efsrpc y lsarpc, cliente y servidor intercambian un UUID concreto para saber de qué hablan, como indica la propia documentación:
“Remote servers MAY respond to EFSRPC messages sent using the well-known endpoint \pipe\lsarpc. When connecting to \pipe\efsrpc, the server interface is identified by UUID [df1941c5-fe89-4e79-bf10-463657acf44d], version 1.0. When connecting to \pipe\lsarpc, the server interface is identified by UUID [c681d488-d850-11d0-8c52-00c04fd90f7e”
El truco consiste en bloquear estos UUID con estos comandos (guardados en un fichero txt):
rpc
filter
add rule layer=um actiontype=block add condition field=if_uuid matchtype=equal data=c681d488-d850-11d0-8c52-00c04fd90f7e
add filter add rule layer=um actiontype=block
add condition field=if_uuid matchtype=equal data=df1941c5-fe89-4e79-bf10-463657acf44d
add filter
quit
Y luego ejecutarlo con netsh -f fichero.txt
Más información: https://twitter.com/gentilkiwi/status/1421949715986403329
En la comunicación con pipes efsrpc y lsarpc, cliente y servidor intercambian un UUID concreto para saber de qué hablan, como indica la propia documentación:
“Remote servers MAY respond to EFSRPC messages sent using the well-known endpoint \pipe\lsarpc. When connecting to \pipe\efsrpc, the server interface is identified by UUID [df1941c5-fe89-4e79-bf10-463657acf44d], version 1.0. When connecting to \pipe\lsarpc, the server interface is identified by UUID [c681d488-d850-11d0-8c52-00c04fd90f7e”
El truco consiste en bloquear estos UUID con estos comandos (guardados en un fichero txt):
rpc
filter
add rule layer=um actiontype=block add condition field=if_uuid matchtype=equal data=c681d488-d850-11d0-8c52-00c04fd90f7e
add filter add rule layer=um actiontype=block
add condition field=if_uuid matchtype=equal data=df1941c5-fe89-4e79-bf10-463657acf44d
add filter
quit
Y luego ejecutarlo con netsh -f fichero.txt
Más información: https://twitter.com/gentilkiwi/status/1421949715986403329
Twitter
🥝 Benjamin Delpy
Want to block [MS-EFSR] / #PetitPotam calls?🤔 Use RPC filters ! 🥳 put previous Tweet in a file: `block_efsr.txt` then: > netsh -f block_efsr.txt Just tested: it blocks remote connections & not local EFS usage Thank you to @CraigKirby to remind us this RPC…
Open Source pentesting tools for Blue Team
https://derechodelared.com/open-source-pentesting-tools-blue-team/
https://derechodelared.com/open-source-pentesting-tools-blue-team/
Derecho de la Red
Open Source pentesting tools for Blue Team
Una hoja de trucos en formato PDF, que contiene un conjunto de herramientas de código abierto recopiladas por el SANS Institute para el equipo de los azulones.
Advisory ID: VMSA-2021-0016
CVSSv3 Range: 3.7-8.6
Issue Date: 2021-08-05
CVE(s): CVE-2021-22002, CVE-2021-22003
Synopsis:
VMware Workspace One Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)
Impacted Products
VMware Workspace One Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
https://www.vmware.com/security/advisories/VMSA-2021-0016.html
CVSSv3 Range: 3.7-8.6
Issue Date: 2021-08-05
CVE(s): CVE-2021-22002, CVE-2021-22003
Synopsis:
VMware Workspace One Access, Identity Manager and vRealize Automation address multiple vulnerabilities (CVE-2021-22002, CVE-2021-22003)
Impacted Products
VMware Workspace One Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
https://www.vmware.com/security/advisories/VMSA-2021-0016.html