30Aug-18
27Mar-18
VPN Leak
(Edited on 06/04: in order to reflect the actual situation) TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%) You can check if your VPN leaks visiting: http://ip.voidsec.com Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0 Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing details. (especially...
19May-16
The Curse of the Antivirus Solution
This is the main article for the VirIT Explorer Local Privilege Escalation Exploit's, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section. As a penetration tester I've realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case. I will always recommend AV as...
21Apr-16
Phorum – Full Disclosure
Reporter VoidSec Security Team Advisory VoidSec-16-002 Date of contact 03-03-16 2nd date of contact 16-03-16 3rd date of contact 04-04-16 Vendor last reply 03-03-16 Date of public disclosure 21-04-16 Product Phorum Open Source PHP Forum Software Version 5.2.20 Download the Report [EN] Introduction The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software. Phorum is open source forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs. During the web application security assessment for Phorum, VoidSec assessed the following systems using...
19Apr-16
LinkedIn – CSV Excel formula injection
We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its "CSV Export" function. Following our Vulnerability Disclosure Policy Agreement, LinkedIn Security Team has been informed about this specific issue and this vulnerability will be published without a working PoC. LinkedIn's users can exports all their connections into a CSV file, that due to some missing filters (escaping output), could allows an attacker to execute a command on the user machine. An attacker can create a LinkedIn profile embedding a...
13Apr-16
Avactis – Full Disclosure
Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: Avactis Download the Report [EN] Introduction Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach. Vulnerabilities: Spreading of Files with Malicious Extensions on Upload New Design and Execution in some circumstances Non-Admin PHP Shell...
22Dec-15
Aethra Botnet
What do an old log file, Wordpress, “some” routers and some Italian ISP have in common? Apparently nothing but let me explain from the beginning and you will notice how interesting elements can be discovered, starting from an insignificant event. Friday, February 13, 2015: I was performing ordinary maintenance on my personal website and, while I was analyzing the statistics and logs, I noticed a "strange" recurring pattern: Anyone who has ever run a WordPress can recognize in this extract of log,...
22Dec-15
Aethra Botnet
Che cosa hanno in comune un vecchio file di log, Wordpress, una “manciata” di router e degli ISP italiani? All’apparenza nulla ma lasciatemi spiegare tutto dall’inizio e vedrete come, partendo da un evento poco significativo si possano scoprire elementi quantomeno interessanti. You can read this article in English here. Venerdì 13 Febbraio 2015: stavo effettuando ordinaria manutenzione sul mio sito personale quando analizzando le statistiche e I log mi accorsi di un pattern ricorrente e quantomeno “strano”: Chiunque abbia mai gestito un sito Wordpress...
18Jun-15
Minds.com – Full Disclosure
Advisory: VoidSec-15-002 Disclosure date: June18, 2015 Vendor: Minds.com Advisory sent: June 17, 2015 Paolo Stagno ( aka voidsec – [email protected] ) Luca Poletti ( aka kalup – [email protected] ) Download the Report [EN] Introduction In those last days a new social network called minds is getting attention over the internet, it aims to give transparency and protection to user data. Thanks to those last two points the new site has attracted the support of online activists including the hacking collective Anonymous. We have then decided to give a look to that amazing platform,...
7Mar-15