SSD Advisory – OrientDB Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory reports a vulnerability in OrientDB that allows users of the product to cause it to execute code.

OrientDB is a distributed graph database engine with the flexibility of a document database, all in one product. It is described by its vendor as the first and best scalable, high-performance, operational NoSQL database.

Credit
An independent security researcher, Francis Alexander, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability and issued CVE-2017-11467.
For more information: https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#security.

SSD Advisory – 360 Total Security Privileged Escalation

Vulnerability Summary
The following advisory describes a privilege escalation vulnerability found in 360 Total Security.

360 Total Security offers your PC complete protection from viruses, Trojans and other emerging threats.

Whether you are shopping online, downloading files or chatting with your friends, you can be sure that 360 Total Security is there to keep you safe and your computer optimized. The clean-up utility is just one click away to keep your PC in optimal condition.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability and has only provided these details in response to our query on the status: “We will release this patch on 7/7”

CVE: CVE-2017-12653

Hack2Win 2017 D-Link 850L Results

On June 11th 2017 we announced the first online version of our ‘Hack2Win’ hacking competition. We allocated $10,000 USD as payouts for valid submissions, and two months of competition time – by making the product available on the internet – to give everyone a chance to hack it. The device was made publicly accessible on July 3rd.

We were pleasantly surprised to get the first submission on June 12th, just one day after we advertised our competition. Unfortunately, that submission didn’t work on our hardware revision, and thus was not considered for a prize.

Subsequent submissions were not far behind: on June 29th, a LAN-side unauthorized RCE as root was received.

On June 30th we received another submission – one that allowed remote retrieval of the admin password from both the WAN and LAN interfaces.

On July 3rd we received the submission that ended the competition – an Unauthenticated Remote Code Execution from both the WAN and LAN interfaces.

Once this last submission arrived, we ended the competition having reached the goal of owning the device from both the LAN and WAN sides.

D-Link has been contacted and the full write-up will be published after the vendor releases patches for these vulnerabilities.

What’s interesting is that all three researchers who submitted vulnerabilities found the same underlying security issue – but from there, each researcher exploited it in a different way. Only one of the researchers successfully exploited the vulnerability to achieve unauthenticated remote code execution from the WAN.

Prizes:

  • 1st place goes to Zdenda – $5,000 USD for the unauthenticated Remote Code Execution from WAN
  • 2nd place goes to Peter Geissler – $2,500 USD for retrieving the admin password from WAN
  • 3rd place goes to Pierre Kim – $2,500 USD for the unauthorized RCE as root from LAN

Our main takeaway from this competition is how talented the researchers out there are. Our research community members are really good at finding vulnerabilities in products, and when there is a clear goal they will reach it. We have also decided that we need to challenge them more, and more frequently 🙂

Our next target won’t be as easy as a D-Link router – and the prizes will rise accordingly. Stay tuned.

SSD Advisory – Skype For Business XSS

Vulnerability Summary
The following advisory describes an XSS vulnerability found in Skype for Business.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability and has only provided these details in response to our query on the status: “implemented some changes in the latest version to sanitize HTML input”