Know your community – Simone Margaritelli (@evilsocket)

The guy who published a first-hand account of how an allegedly government-sponsored firm, Dark Matter, tried to hire him to help them spy on civilians in the UAE.

A former BlackHat who switched sides

Bug Bounty hunter

The author of the most well-known offensive open source software – BetterCAP, dSploit, AndroSwat and more!

Please meet Simone Margaritelli AKA @evilsocket

SSD Advisory – AContent Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes two (2) vulnerability types found in AContent version 1.3.

AContent is an open source learning content management system (LCMS) used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. For those familiar with ATutor, AContent contains the content authoring, test authoring, and content interoperability features of ATutor, producing a standalone tool that can be used with any system that supports IMS content interoperability standards.

The vulnerabilities found are:

  • Directory Traversal
  • Directory Traversal that leads to Remote Code Execution – question_import.php
  • Directory Traversal that leads to Remote Code Execution – ims_import.php
  • Directory Traversal that leads to Remote Code Execution – import_test.php

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor Response
AContent has fixed the vulnerabilities in their GitHub master branch.
For more details:

SSD Advisory – Xiaomi Air Purifier 2 Firmware Update Process Vulnerability

Vulnerability Summary
The following advisory describes a firmware update process vulnerability found in Xiaomi Air Purifier 2.

Mi Air Purifier is a high-performance smart air purifier (IoT) that can be controlled remotely.

According to the manufacturer (Xiaomi) “Monitor your home air quality in real time from absolutely anywhere when you sync with the Mi Home app on your phone. Control Mi Air Purifier remotely and watch how air is being purified. The app even displays outside air quality and tells you when it’s safe to switch Mi off and open your windows.”

Xiaomi Air Purifier 2, version 1.2.4_59, does not use a secure connection for its firmware update process. The update is carried out over plain-text HTTP.

A potential attacker can exploit the firmware update process to:

  • Obtain the firmware binary for analysis to conduct other attacks
  • Inject modified firmware

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported the vulnerability to Xiaomi and they informed us that: “Because of Xiaomi Air Purifier initial design features, there is not enough storage available to use HTTPS. So this will not be fixed for the time being but it will be fixed in the later versions.”

SSD Advisory – Cisco DPC3928 Router Arbitrary File Disclosure

Vulnerability Summary
The following advisory describes an arbitrary file disclosure vulnerability found in Cisco DPC3928AD DOCSIS 3.0 2-PORT Voice Gateway.

The Cisco DPC3928AD DOCSIS is a home wireless router that is currently "Out of support" but is still provided by ISPs worldwide.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We reported the vulnerability to Cisco and they informed us that the Cisco DPC3928AD was sold to Technicolor: “The Cisco DPC3928AD was actually sold to Technicolor a while back. In this case, we will ask you to please contact Technicolor at security@technicolor.com to open a case with them”

After contacting Technicolor, they informed us that the product has reached end of life and they will not patch the vulnerability: “After an extensive search for the product to perform validation, we were unable to source the gateway to validate your proof of concept. Due to the end-of-sale and end-of-life of the product Technicolor will not be patching the bug.”
