/dev/posts/

Bypassing XSS filters

In this post, I describe some payloads which I used to bypass two distinct XSS filter implementations (such as Web Application Firewalls (WAF)), as well as the approach used to design them.

The FBI recommends using ad blockers

An interesting note from the FBI.

UMA 2.0 diagrams

Some diagrams (mostly sequence diagrams) about UMA 2.0.

Arbitrary code execution through kitty-open.desktop file association

ニャーニャー

In the Debian kitty package, the kitty-open.desktop file would associate kitty +open with several MIME types. This could be used to trigger arbitrary code execution by serving a file with such a MIME type.

This was introduced in kitty in 73a197fcd (2022-02-06), released as part of v0.24.3. It has been fixed in v0.26.5-5 of the Debian kitty package, and fixed upstream in 537cabca7, released in v0.29.0. Other distributions such as Ubuntu Lunar are still impacted.

Shell command and Emacs Lisp injection in emacsclient-mail.desktop

Shell command injection and Emacs Lisp injection vulnerabilities in one of the Emacs Desktop Entries (emacsclient-mail.desktop), leading to arbitrary code execution through a crafted mailto: URI.

Arbitrary file write in Stellarium file association

I found an arbitrary file write vulnerability (through path traversal) which would be exploited for arbitrary code execution in Stellarium (desktop version).

MIME-type spoofing in Firefox/Thunderbird and file managers

An interesting spoofing attack resulting from the interaction between Firefox (or Thunderbird) MIME type handling and file managers.

Code execution through MIME-type association of Mono interpreter

A dangerous file type association in Debian which could be used to trigger arbitrary code execution.

OAuth 2.x and OpenID Connect sequence diagrams

Some sequence diagrams about OAuth 2.x and OpenID Connect.

Entering in Podman containers

Some commands for interacting with the namespaces of Podman containers.
