Telegram Secret Chat Bug

For whom is following me on Twitter this is not a news, yesterday I was complaining about a Telegram “Feature” in the secret chat context, while for whom doesn’t this should serve as a write-up of the bug that I have discovered (The bug is nothing fancy but something I think people should, at least, know). Telegram Secret Chat If you are not practical with the concept of Telegram’s Secret Chat: “Secret chats are meant for people who want more secrecy than the...

VPN Leak

(Edited on 06/04: in order to reflect the actual situation) TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%) You can check if your VPN leaks visiting: http://ip.voidsec.com Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0 Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing details. (especially...

The Curse of the Antivirus Solution

This is the main article for the VirIT Explorer Local Privilege Escalation Exploit's, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section. As a penetration tester I've realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case. I will always recommend AV as...

Phorum – Full Disclosure

Reporter VoidSec Security Team Advisory VoidSec-16-002 Date of contact 03-03-16 2nd date of contact 16-03-16 3rd date of contact 04-04-16 Vendor last reply 03-03-16 Date of public disclosure 21-04-16 Product Phorum Open Source PHP Forum Software Version 5.2.20   Download the Report [EN] Introduction The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software. Phorum is open source forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs. During the web application security assessment for Phorum, VoidSec assessed the following systems using...

LinkedIn – CSV Excel formula injection

We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its "CSV Export" function. Following our Vulnerability Disclosure Policy Agreement, LinkedIn Security Team has been informed about this specific issue and this vulnerability will be published without a working PoC. LinkedIn's users can exports all their connections into a CSV file, that due to some missing filters (escaping output), could allows an attacker to execute a command on the user machine. An attacker can create a LinkedIn profile embedding a...

Avactis – Full Disclosure

Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: Avactis   Download the Report [EN] Introduction Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach. Vulnerabilities: Spreading of Files with Malicious Extensions on Upload New Design and Execution in some circumstances Non-Admin PHP Shell...

Aethra Botnet

What do an old log file, Wordpress, “some” routers and some Italian ISP have in common? Apparently nothing but let me explain from the beginning and you will notice how interesting elements can be discovered, starting from an insignificant event. Friday, February 13, 2015: I was performing ordinary maintenance on my personal website and, while I was analyzing the statistics and logs, I noticed a "strange" recurring pattern: Anyone who has ever run a WordPress can recognize in this extract of log,...

Aethra Botnet

Che cosa hanno in comune un vecchio file di log, Wordpress, una “manciata” di router e degli ISP italiani? All’apparenza nulla ma lasciatemi spiegare tutto dall’inizio e vedrete come, partendo da un evento poco significativo si possano scoprire elementi quantomeno interessanti. You can read this article in English here. Venerdì 13 Febbraio 2015: stavo effettuando ordinaria manutenzione sul mio sito personale quando analizzando le statistiche e I log mi accorsi di un pattern ricorrente e quantomeno “strano”: Chiunque abbia mai gestito un sito Wordpress...

Minds.com – Full Disclosure

Advisory: VoidSec-15-002 Disclosure date: June18, 2015 Vendor: Minds.com Advisory sent: June 17, 2015 Paolo Stagno ( aka voidsec – [email protected] ) Luca Poletti ( aka kalup – [email protected] ) Download the Report [EN] Introduction In those last days a new social network called minds is getting attention over the internet, it aims to give transparency and protection to user data. Thanks to those last two points the new site has attracted the support of online activists including the hacking collective Anonymous. We have then decided to give a look to that amazing platform,...

Report: Ghost Blogging Platform

Advisory: VoidSec-15-001 Disclosure date: March 03, 2015 Vendor: Ghost Advisory sent: January 26, 2015 First delay: February 24,2015   Download the Report Introduzione In Gennaio, il team VoidSec (voidsec, bughardy, smaury) ha realizzato un web application penetration test sulla piattaforma di blogging Ghost. Ghost è un nuovo content management system dedicato ai blogger che cercano un’alternativa a WordPress. Un crescente numero di utenti ha abbandonato i CMS tradizionali per abbracciare piattaforme più minimali, concentrate sulla lettura e la scrittura, essenziali; in questo Ghost è uno tra i software più popolari e molto utilizzato, sta...