CVE-2020-1337 – PrintDemon is dead, long live PrintDemon!
voidsec2022-01-14T09:05:26+01:00Banner Image by Sergio Kalisiak
TL; DR: I will explain, in details, how to trigger PrintDemon exploit and dissect how I’ve discovered a new 0-day; Microsoft Windows EoP CVE-2020-1337, a bypass of PrintDemon’s recent patch via a Junction Directory (TOCTOU).
After Yarden Shafir’s & Alex Ionescu’s posts (PrintDemon, FaxHell) and their call to action, I’ve started diving into the PrintDemon exploit. PrintDemon is the catching name for Microsoft CVE-2020-1048: Windows Print Spooler Elevation of Privilege Vulnerability which is affecting (according to Microsoft),...
voidsec2022-01-14T09:16:58+01:00Recently, during a penetration test I have found a vulnerable installation of the Joomla CMS. Yes, I already know that this vulnerability is quite old and that there is a ready to use Metasploit module but here is the catch: the module and other scripts available on internet weren’t working against my environment, furthermore, during the last year a lot of new vulnerabilities rely on the PHP Object Injection and Serialize/Unserialize.
That's the reason why I thought it was a good...
voidsec2022-01-14T09:20:33+01:00This is the main article for the VirIT Explorer Local Privilege Escalation Exploit's, if you are not interested in the methodology and the story behind this vulnerability you can directly jump to the end and reach the exploit section.
As a penetration tester I've realized that Antivirus Solutions are often insecure, they can be easily bypassed and they do not fully protect your system; sometimes they also make you more vulnerable and this is the case.
I will always recommend AV as...
voidsec2022-01-14T09:21:31+01:00ImageMagick Is On Fire — CVE-2016–3714
There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.
A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
For more information about this vulnerability visit: https://imagetragick.com/ or this...
VoidSec Security Team
Date of contact
2nd date of contact
3rd date of contact
Vendor last reply
Date of public disclosure
Phorum Open Source PHP Forum Software
Download the Report [EN]
The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software.
Phorum is open source forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs.
During the web application security assessment for Phorum, VoidSec assessed the following systems using...
voidsec2022-01-14T09:22:05+01:00We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its "CSV Export" function.
Following our Vulnerability Disclosure Policy Agreement, LinkedIn Security Team has been informed about this specific issue and this vulnerability will be published without a working PoC.
LinkedIn's users can exports all their connections into a CSV file, that due to some missing filters (escaping output), could allows an attacker to execute a command on the user machine.
An attacker can create a LinkedIn profile embedding a...
Date of contact:
2nd date of contact:
Date of public disclosure:
Avactis PHP Shopping Cart
Download the Report [EN]
Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach.
Spreading of Files with Malicious Extensions on Upload New Design and Execution in some
Non-Admin PHP Shell...
voidsec2022-01-14T09:32:14+01:00Qualche mese fa sono stato intervistato da Pierluigi Paganini per Infosec Institute riguardo l’argomento: Hacking Communities in the Deep Web.
Vi propongo quindi la sessione di Q&A tradotta in Italiano, l’articolo originale è ben più vasto di questo piccolo “recap” e ne consiglio la lettura.
Si sente spesso parlare di Deep Web, cosa s’intende con questo termine?
Il Deep Web è l’insieme di tutti i contenuti internet non indicizzati dai motori di ricerca e pertanto difficilmente raggiungibili dagli utenti standard. Sovente viene utilizzato...
June 17, 2015
Paolo Stagno ( aka voidsec – [email protected] )
Luca Poletti ( aka kalup – [email protected] )
Download the Report [EN]
In those last days a new social network called minds is getting attention over the internet, it aims to give transparency and protection to user data. Thanks to those last two points the new site has attracted the support of online activists including the hacking collective Anonymous.
We have then decided to give a look to that amazing platform,...
March 03, 2015
January 26, 2015
Download the Report
In Gennaio, il team VoidSec (voidsec, bughardy, smaury) ha realizzato un web application penetration test sulla piattaforma di blogging Ghost.
Ghost è un nuovo content management system dedicato ai blogger che cercano un’alternativa a WordPress. Un crescente numero di utenti ha abbandonato i CMS tradizionali per abbracciare piattaforme più minimali, concentrate sulla lettura e la scrittura, essenziali; in questo Ghost è uno tra i software più popolari e molto utilizzato, sta...