CSRF and DNS-rebinding to RCE in Selenium Server (Grid)
Published:
Vulnerabilities in found on the WebDriver endpoints of Selenium Server (Grid).
DNS rebinding vulnerability to RCE in GeckoDriver
Published:
A DNS rebinding vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.
Introduction to TLS v1.2
Published:
Some notes about how TLS v1.2 (Transport Layer Security) works. The goal explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher suites on security, etc. It includes several diagrams and many references.
Cross-origin/same-site request forgery to RCE in chromedriver
Published:
I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it is only possible to trigger this from the cross-origin/same-site and not cross-site. In practice, it means it is really only possible to trigger this from another localhost-bound web application.
CSRF to RCE in GeckoDriver
Published:
A Cross-Site Request Forgery (CSRF) vulnerability I found in GeckoDriver which could be used to execute arbitrary shell commands. CVE-2020-15660 has been assigned to this vulnerability. This was fixed by GeckoDriver v0.27.0 in 2020-07-27. This is bug #1648964.
Firefox DoH DNS rebinding protection bypass using IPv4-mapped addresses
Published:
I found that the filtering of private IPv4 addresses in the DNS-over-HTTPS (DoH) implementation of Firefox could by bypassed. This is CVE-2020-26961 and Mozilla bug 1672528. It has been fixed in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.
DNS rebinding vulnerabilities in Freebox
Published:
I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability (CVE-2020-24373). These vulnerabilities were fixed in 2020-08-05.
Remote code execution via cross site request forgery in InternetCube and YunoHost
Published:
How I found remote code execution vulnerabilities via Cross Site Request Forgery (CSRF) on the administration interfaces of InternetCube applications and of the YunoHost administration interface which could have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.
IP address spoofing in order to watch South Park
Published:
Trying to bring back some old IP spoofing Firefox extension for watching South Park episodes.
Use HTML pipeline in Middleman
Published:
How to use html-pipeline in middleman.
Page 2 of 2 | Previous page | Next page | JSON Feed | Atom Feed