/dev/posts/

Impact of the different Wifi security modes

Comparing the different Wi-Fi/WPA authentication and key distribution methods (PSK, EAP, SAE).

Browser-based attacks on WebDriver implementations

Some context and analysis about attacks on WebDriver implementations.

Lack of X.509 TLS certificate validation in OWASP ZAP

Lack of X.509 TLS certificate validation in OWASP ZAP (Zed Attack Proxy) could be used for man-in-the-middle attacks.

DNS rebinding on ReadyMedia/minidlna v1.3.0 and below

A DNS rebinding vulnerability I found in ReadyMedia (formerly MiniDLNA) v1.3.0 and below. This is CVE-2022-26505.

CSRF and DNS-rebinding to RCE in Selenium Server (Grid)

Vulnerabilities found on the WebDriver endpoints of Selenium Server (Grid).

DNS rebinding vulnerability to RCE in GeckoDriver

A DNS rebinding vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.

Cross-origin/same-site request forgery to RCE in chromedriver

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from a cross-origin/same-site context and not from a cross-site one. In practice, it means it is really only possible to trigger this from another localhost-bound web application.

CSRF to RCE in GeckoDriver

A Cross-Site Request Forgery (CSRF) vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. CVE-2020-15660 has been assigned to this vulnerability. This was fixed in GeckoDriver v0.27.0 on 2020-07-27. This is bug #1648964.

DNS rebinding vulnerability in GUPnP

GUPnP, a GNOME library for Universal Plug and Play (UPnP), was vulnerable to DNS rebinding attacks. This is CVE-2021-33516 and GUPnP issue #24. This was fixed in GUPnP 1.0.7 and GUPnP 1.2.5.

DNS rebinding vulnerability in pupnp and npupnp

I found that pupnp was vulnerable to DNS rebinding attacks. npupnp, a fork of pupnp, was impacted as well. This is demonstrated using Gerbera, a UPnP MediaServer.