⚠ Note: This is not a security vulnerability in Zalo. Ever since they saw me in the news for hacking into some websites in the US, my friends have very often asked me to hack something for them. Being asked to hack Facebook is all too ordinary; then one of them, out of the blue one fine day… Continue reading My friend's kid uses Zalo
Author: yeuchimse
RCE – LimeSurvey (CVE-2018-7556)
One day in 2018, I was participating in a bug bounty program, and this target caught my attention: The reason was pretty simple: LimeSurvey is a name I had never heard of before. I thought to myself that for uncommon software like this, it should take no more than 5 minutes to find a…
Leaking issues from linked Jira – Atlassian Confluence Server
Application Links (sometimes called “app links”) is a bundled app that allows you to set up links, share information, and provide access to certain resources or functionality across multiple Atlassian products. Linking Confluence to other applications allows you to include information from those applications in pages or blogs that you create in Confluence. For example,…
CSRF Protection Bypass – Atlassian Confluence Server
The Server version of Atlassian Confluence comes with a built-in plugin named applinks-cors, with the following declaration in file atlassian-plugin.xml: The CorsFilter class is implemented as below: As we can see from the code, for all requests to URLs that match the defined patterns, Access-Control-Allow-Origin (ACAO) and Access-Control-Allow-Credentials (ACAC) headers will be added to the…
RCE – Telerik UI for ASP.NET AJAX (CVE-2017-9248)
Two years ago, Progress released a security advisory about a cryptographic weakness in Telerik UI for ASP.NET AJAX components that can result in an arbitrary file upload, allowing unauthenticated attackers to compromise vulnerable websites by uploading a webshell. CMSes that use the component, such as DotNetNuke and Sitefinity, are also affected. While the issue is…
Finding vulnerabilities in Atlassian products
An internal talk of mine that was first presented in 2019.