HITB 2016 PHP Challenge Write Up

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

UPDATE: I got word that rileykidd has posted his own write-up, if you would like to see another solution go to: http://rileykidd.com/2016/06/09/hack-in-the-box-2016-misc400-writeup-part-1/

The following is a write-up on our Hack in the Box 2016 PHP Challenge that was part of the CTF. The CTF’s goal was to give researchers and security researcher (as CTF was with security orientation) with a challenge that is more than “just” an SQL injection or “just” code execution.

If you would like the CTF challenge files, send us an email to ssd[]beyondsecurity.com.
Continue reading HITB 2016 PHP Challenge Write Up

SSD Advisory – Zyxel Remote Unauthenticated Code Execution (NSA310)

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Description
A remote unauthenticated code execution vulnerability in Zyxel NSA310 allows remote attackers to execute arbitrary code as a ‘root’ user. The product is being actively sold by Zyxel – http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=ZyXEL+NSA310 – originally the vendor stated that “NSA310 for reasons being that it has been out End of life for over 2 years” which left every customer buying this product vulnerable to a serious security flaw without having any solution or remediation to it.

UPDATE Zyxel has released a new firmware, that claims to resolved the vulnerabilities listed below, we no longer have access to the hardware so we cannot confirm that it does
https://zyxel.box.com/s/ebm31culmcokm8bf7xymjx1v6z6zezrj

Continue reading SSD Advisory – Zyxel Remote Unauthenticated Code Execution (NSA310)

SSD Advisory – Acunetix WVS XSS, Memory Exhaustion and DoS

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Description
Three security vulnerabilities have been discovered in Acunetix WVS, these vulnerabilities allow a site owner that knows that his site will scanned by Acunetix (with permission or without) to target the user of the Acunetix and to cause the product to crash, exhaust memory of the scanner or to trigger a cross site scripting attack against the user during the configuration step and during the user’s reading of the final report.

All these vulnerabilities do not pose a harm greater than being an annoyance, beside the XSS which could be leveraged to preform cause more harm if it is combined with some social engineering aspects.

Continue reading SSD Advisory – Acunetix WVS XSS, Memory Exhaustion and DoS

SSD Advisory – Xerox DocuShare Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Introduction
DocuShare is a content management system developed by Xerox Corporation. DocuShare makes use of open standards and allows for managing content, integrating it with other business systems, and developing customized and packaged software applications.

Multiple vulnerabilities have been found in Xerox DocuShare:
 

  • DSUtilityLib.HelperObj.4 Activex Control ShowHelp Method lstrcatW() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 ActiveX Control GetResourceString Method _vswprintf() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 Activex Control ProfileInt Property wsprintfW() Call Stack Buffer Overflow Vulnerability
  • DSITEMENUMLib.ItemObj.4 Activex Control Basetype Property Stack Buffer Overflow Vulnerability
  • DsSearch.SearchConsole.1 ActiveX Control RestrictGlobalScope Method wcscpy() Call Stack Buffer Overflow Vulnerability
  • DSUtilityLib.HelperObj.4 Activex Control RunCommand Method CreateProcessW() Call Command Execution Vulnerability

Continue reading SSD Advisory – Xerox DocuShare Multiple Vulnerabilities