Blog

HackInBo 2016 – Winter Edition

Saturday 29th October I was in Bologna for the HackInBo and during this week a lot of you, foreign readers, asked me what the HackInBo is, if it was good and what type of event is it, so, I will try to break it down. The HackInBo is probably the first and the only Italian security oriented event without sales pitches and marketing. It is hard to describe because it is very different from any other events that I can [...]

Read more...

Cybersecurity in Italy

First of all, a small disclaimer: any statement inside this article is based on my own personal point of view. I deliberately generalized and I am aware of the presence of certain exceptions in my country, but this sum up my opinion and there will be people that will be not aligned with those thoughts. After almost 5 years inside the cyber-security field I would like to point out some elements, that according to my point of view, are not [...]

Read more...

The Curse of the Antivirus Solution

This is the main article for the VirIT Explorer Local Privilege Escalation Exploit`s, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section. As a penetration tester I’ve realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case. I will always recommend AV [...]

Read more...

Hackinbo Lab

Anche quest’anno a Bologna si terrà l’HackInBo, evento gratuito dedicato alla sicurezza informatica che si prefigge l’obiettivo di informare il pubblico italiano riguardo gli ultimi sviluppi di questo settore. L’evento è organizzato da Mario Anglani e come sempre, è rivolto a tutti quelli che per lavoro o per passione vogliono approfondire le tematiche relative alla sicurezza informatica. Questa sesta edizione, che si terrà a Bologna presso Best Western Plus Tower Hotel in Viale Lenin 43, la durata dell’evento che sarà [...]

Read more...

ImageTragick PoC

ImageMagick Is On Fire — CVE-2016–3714 There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild. A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. For more information about this vulnerability visit: https://imagetragick.com/ or [...]

Read more...

Phorum – Full Disclosure

Reporter VoidSec Security Team Advisory VoidSec-16-002 Date of contact 03-03-16 2nd date of contact 16-03-16 3rd date of contact 04-04-16 Vendor last reply 03-03-16 Date of public disclosure 21-04-16 Product Phorum Open Source PHP Forum Software Version 5.2.20   Download the Report [EN] Introduction The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software. Phorum is open source forum software with a penchant for speed. Phorum’s very flexible hook and module system can satisfy every web master’s needs. During the web application security assessment for Phorum, VoidSec assessed the following systems [...]

Read more...

LinkedIn – CSV Excel formula injection

We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its “CSV Export” function. Following our Vulnerability Disclosure Policy Agreement, LinkedIn Security Team has been informed about this specific issue and this vulnerability will be published without a working PoC. LinkedIn`s users can exports all their connections into a CSV file, that due to some missing filters (escaping output), could allows an attacker to execute a command on the user machine. An attacker can create a LinkedIn profile embedding [...]

Read more...

Avactis – Full Disclosure

Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: Avactis   Download the Report [EN] Introduction Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach. Vulnerabilities: Spreading of Files with Malicious Extensions on Upload New Design and Execution in some circumstances Non-Admin PHP Shell Upload [...]

Read more...

Simulazione di un Penetration Test

Hacker di professione: simulazione di un Penetration Test JEToP – Junior Enterprise Torino Politecnico Mercoledì 13 aprile 2016 dalle 09:00 alle 19:00 (CEST) Cosa si fa? Durante le 8 ore del corso, i partecipanti assisteranno ad una breve introduzione al mondo della Sicurezza Informatica, focalizzandosi in particolare sull’attività di Penetration Testing. Per Penetration Test si intende un’attività che ha lo scopo di identificare e sfruttare la vulnerabilità di un sistema, ripercorrendo i tipici passaggi di un attacante malintenzionato (Cracker). La sostanziale differenza tra un Cracker [...]

Read more...

Backdoored OS

Recap Nella giornata del 21 Febbraio la distribuzione Linux Mint è stata attaccata e, a seguito dell’intrusione, l’aggressore è stato in grado di modificare la ISO della versione 17.3 Cinnamon Edition, inserendo una backdoor al suo interno. “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” Clement Lefebvre – head of Linux Mint project Tralasciando le modalità dell’attacco a WordPress, la successiva compromissione del sito web e del forum (password [...]

Read more...