SSD Advisory – Sophos XG From Unauthenticated Stored XSS to Root Access

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes a stored XSS vulnerability found in Sophos XG 17; successful exploitation of the vulnerability leads to root access.

Sophos XG Firewall's "all-new control center gives you unprecedented visibility into your network. Get rich reporting, and add Sophos iView for centralized reporting across multiple firewalls."


SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution


Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router.

AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also where you can configure AiCloud 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a separate app, or restrict what you can change via mobile devices — you get full access to everything, from any device that can run a web browser”

The vulnerabilities found are:

  • Access bypass
  • Configuration manipulation

Credit
An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Asus were informed of the vulnerabilities and released patches to address them (version 3.0.0.4.384_10007).

For more details: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

CVE: CVE-2018-5999 and CVE-2018-6000


Hack2Win eXtreme


Hack2Win is a hacking competition we launched 5 years ago.

So far the competition has had two flavors – Hack2Win Online and Hack2Win CodeBlue.

We decided to go big this year with Hack2Win eXtreme!

Hack2Win eXtreme will focus on two primary targets, browsers and mobile.

We have up to $500,000 USD to give away!

The competition will take place during the beVX conference, on September 20-21, 2018.


SSD Advisory – GitStack Unauthenticated Remote Code Execution


Vulnerability Summary
The following advisory describes an unauthenticated action that allows a remote attacker to add a user to GitStack, which can then be used to trigger unauthenticated remote code execution.

GitStack is “a software that lets you setup your own private Git server for Windows. This means that you create a leading edge versioning system without any prior Git knowledge. GitStack also makes it super easy to secure and keep your server up to date. GitStack is built on the top of the genuine Git for Windows and is compatible with any other Git clients. GitStack is completely free for small teams.”

Credit
An independent security researcher, Kacper Szurek, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We have tried to contact GitStack since October 17, 2017; repeated attempts to establish contact were answered, but no details have been provided on a solution or a workaround.

CVE: CVE-2018-5955