Blog

The Curse of the Antivirus Solution

This is the main article for the VirIT Explorer Local Privilege Escalation Exploit`s, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section. As a penetration tester I’ve realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case. I will always recommend AV [...]

Read more...

Hackinbo Lab

Anche quest’anno a Bologna si terrà l’HackInBo, evento gratuito dedicato alla sicurezza informatica che si prefigge l’obiettivo di informare il pubblico italiano riguardo gli ultimi sviluppi di questo settore. L’evento è organizzato da Mario Anglani e come sempre, è rivolto a tutti quelli che per lavoro o per passione vogliono approfondire le tematiche relative alla sicurezza informatica. Questa sesta edizione, che si terrà a Bologna presso Best Western Plus Tower Hotel in Viale Lenin 43, la durata dell’evento che sarà [...]

Read more...

ImageTragick PoC

ImageMagick Is On Fire — CVE-2016–3714 There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild. A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. For more information about this vulnerability visit: https://imagetragick.com/ or [...]

Read more...

Phorum – Full Disclosure

Reporter VoidSec Security Team Advisory VoidSec-16-002 Date of contact 03-03-16 2nd date of contact 16-03-16 3rd date of contact 04-04-16 Vendor last reply 03-03-16 Date of public disclosure 21-04-16 Product Phorum Open Source PHP Forum Software Version 5.2.20   Download the Report [EN] Introduction The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software. Phorum is open source forum software with a penchant for speed. Phorum’s very flexible hook and module system can satisfy every web master’s needs. During the web application security assessment for Phorum, VoidSec assessed the following systems [...]

Read more...

LinkedIn – CSV Excel formula injection

We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its “CSV Export” function. Following our Vulnerability Disclosure Policy Agreement, LinkedIn Security Team has been informed about this specific issue and this vulnerability will be published without a working PoC. LinkedIn`s users can exports all their connections into a CSV file, that due to some missing filters (escaping output), could allows an attacker to execute a command on the user machine. An attacker can create a LinkedIn profile embedding [...]

Read more...

Avactis – Full Disclosure

Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: Avactis   Download the Report [EN] Introduction Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach. Vulnerabilities: Spreading of Files with Malicious Extensions on Upload New Design and Execution in some circumstances Non-Admin PHP Shell Upload [...]

Read more...

Simulazione di un Penetration Test

Hacker di professione: simulazione di un Penetration Test JEToP – Junior Enterprise Torino Politecnico Mercoledì 13 aprile 2016 dalle 09:00 alle 19:00 (CEST) Cosa si fa? Durante le 8 ore del corso, i partecipanti assisteranno ad una breve introduzione al mondo della Sicurezza Informatica, focalizzandosi in particolare sull’attività di Penetration Testing. Per Penetration Test si intende un’attività che ha lo scopo di identificare e sfruttare la vulnerabilità di un sistema, ripercorrendo i tipici passaggi di un attacante malintenzionato (Cracker). La sostanziale differenza tra un Cracker [...]

Read more...

Backdoored OS

Recap Nella giornata del 21 Febbraio la distribuzione Linux Mint è stata attaccata e, a seguito dell’intrusione, l’aggressore è stato in grado di modificare la ISO della versione 17.3 Cinnamon Edition, inserendo una backdoor al suo interno. “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” Clement Lefebvre – head of Linux Mint project Tralasciando le modalità dell’attacco a WordPress, la successiva compromissione del sito web e del forum (password [...]

Read more...

Backdoored OS

Recap On February 21 Linux Mint was attacked and, as a result of the intrusion, the attacker was able to backdoor the ISO (Cinnamon Edition v17.3). “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” Clement Lefebvre – head of Linux Mint project Aside from the WordPress attack, the subsequent forum dump (database password: “upMint.”, seriously?) and the analysis of the malware (Tsunami/Kaiten), this incident made me think about a [...]

Read more...

Keybase

Recently, a malware known as KeyBase, is “triggering” some of my sensors. KeyBase was distributed in February 2015 and sold for about $ 50 (in its first version), It remained active until May and then disappear from internet. During November it is back up with thousands of infections (v1.5). Keybase is a malware with limited capabilities belonging to the families of keyloggers and info-stealers. Malware Overview Keybase is written in C# and among its features we can find: Keylogging HotLogging(Keylogging ofspecific windows.ex. Paypal, bank [...]

Read more...