Spentera Blog

Discover, code, and exploit

Windows Red Team Lab Review
General

Students will be given remote desktop access to student machines that are connected to the Windows Active Directory with least privilege, and privilege escalation on the student machine is part of the challenge.

Marie 2 Oct 2018 • 3 min read
Zahir Accounting Enterprise Plus 6 <= build 10b 0day Exploit Vulnerability Discovery
Exploit Development

Zahir Accounting is accounting software that is very widely used at the SOHO (Small Office Home Office) level in Indonesia. Besides its affordable price, Zahir has features that are more than enough for

Thomas Gregory 1 Oct 2018 • 18 min read
FileRun: Blind SQL Injection Vulnerability
Security Advisory

We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and

Marie 29 Sep 2017 • 5 min read
CyberLink LabelPrint: Buffer Overflow
Exploit Development

It’s been a while since our last post about exploitation. This time, we try to explain a stack-based overflow on Cyberlink LabelPrint, a tool to assist in designing

Thomas Gregory 20 Sep 2017 • 6 min read
ALLPlayer: Buffer Overflow (SEH Unicode)
Exploit Development

After playing around with unicode stack overflow, I try to do it on an application called AllPlayer. The techniques used are not much different, so the result will be the

Marie 18 Aug 2017 • 1 min read
NetGain Enterprise Manager: Authentication Bypass / Local File Inclusion
Web Security

We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.647) during a pentest. We believe that this vulnerability is quite rare and worth sharing. Local File Inclusion

Marie 5 Jun 2017 • 2 min read
SMB Exploit (MS17-010) with EternalBlue and DoublePulsar
Tutorials

EternalBlue can be used to exploit the Server Message Block (SMB) service without requiring authentication. It is then combined with DoublePulsar to deliver and execute malicious Dynamic-Link Libraries (DLLs) or

Marie 17 May 2017 • 4 min read
Wordpress: Multiple Vulnerabilities in Simple Login Log Plugin
Security Advisory

We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (below version may

Marie 21 Apr 2017 • 2 min read
Hackfest 2016 Orcus Walkthrough
Walkthrough

This is a write up for Hackfest 2016 Orcus found in Vulnhub, just to fill my leisure time! Download here Hackfest 2016 Orcus Nmap   [email protected]:~# nmap -sC -sV

Marie 26 Mar 2017 • 8 min read
NetGain Enterprise Manager: 'Ping' Command Injection
Security Advisory

We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.562) during a pentest. We believe that this vulnerability is quite rare and worth sharing. Description: Command injection

MrChaZ 13 Mar 2017 • 1 min read
Wordpress Profile Builder Plugin: Stored XSS
Security Advisory

Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password

Marie 11 Mar 2017 • 1 min read
TAKE DOWN Mr-Robot: 1
Walkthrough

Yesterday, I opened Vulnhub.com and there was a challenge from Mr Robot. The same TV series will be released soon in the month of July 2016. So here it goes,

Marie 30 Jun 2016 • 4 min read
Centreon Enterprise Server 2.3.3 - 2.3.9-4: Blind SQL Injection
Security Advisory

We discovered the vulnerability when we’re looking for alternate software in network monitoring. We know and we love Nagios, and so the Centreon, they provide a very nice

Thomas Gregory 12 Dec 2012 • 2 min read
PC Media Antivirus: Insecure Library Loading Vulnerability
Security Advisory

PC Media Antivirus (PCMAV) is an AV software made in Indonesia. It’s quite popular back in 2006 since many virus creators in Indonesia actively spread viruses, and infecting

Thomas Gregory 6 Dec 2012 • 3 min read
SmadAV: Null Pointer Dereference Vulnerability
Security Advisory

We discovered that SmadAV antivirus 9.1 is susceptible to null pointer exploitation. The application does not properly filter the scanner input that is processed into smadengine.dll. The successful

Thomas Gregory 14 Nov 2012 • 1 min read
Trend Micro Control Manager: SQL Injection Vulnerability
Security Advisory

Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) are susceptible to SQL Injection. The application

Thomas Gregory 27 Sep 2012 • 1 min read
webERP: SQL Injection
Security Advisory

webERP (ver. 4.08.4) is a mature open-source ERP system providing best practice, multi-user business administration and accounting tools over the web. The vulnerability we discovered sits in the WO (work order) parameter, file WorkOrderEntry.php in the Manufacturing menu.

Thomas Gregory 17 Sep 2012 • 1 min read
Trend Micro InterScan Messaging Security Suite: Multiple Vulnerabilities
Security Advisory

We discovered that Trend Micro InterScan Messaging Security Suite is vulnerable to Cross Site Scripting and Cross-site Request Forgery. Proof of Concept The vulnerabilities POC are as follow: Cross-site Scripting

Thomas Gregory 14 Sep 2012 • 1 min read
gtAkademik Gamatechno: SQL Injection and Persistent XSS
Security Advisory

We discovered that gtAkademik Gamatechno web application is susceptible to SQL Injection and Cross-site Scripting (XSS). Stored/Persistent XSS The web application allows an attacker to inject XSS script inside

Hanny Haliwela 14 Aug 2012 • 2 min read
Ezhometech Ezserver: Stack Overflow Vulnerability
Security Advisory

EZserver version 6.4.017 or below contains a buffer overflow vulnerability which may be exploited to cause a denial of service or arbitrary code execution. Vulnerability Details Buffer overflow

Thomas Gregory 18 Jun 2012 • 1 min read
Hexamail Server: Persistent XSS Vulnerability
Security Advisory

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email. Vulnerability Description Hexamail Server suffers persistent XSS vulnerability in the mail

Thomas Gregory 3 Jun 2012 • 1 min read
CyberLink Power2Go: Unicode Stack Overflow
Exploit Development

The proof of concept of the vulnerability has been released on 9 December 2011, and no further announcement from CyberLink. I tried to coordinate the issue until they didn’

Thomas Gregory 15 Apr 2012 • 6 min read
Distinct TFTP Server: Directory Traversal Vulnerability
Security Advisory

Overview Distinct TFTP Server is part of Distinct Intranet Servers made by Distinct. Corp. We discovered that version 3.10 is susceptible to directory traversal attack. Attackers can exploit this

Thomas Gregory 10 Apr 2012 • 2 min read
Directory Traversal with DotDotPwn (HTTPS Mode)
Tutorials

This is my experience when I was dealing with some applications that have a Directory Traversal vulnerability. I was using DotDotPwn by nitr0us when finding a vulnerability on Quickshare File

Thomas Gregory 19 Mar 2012 • 4 min read
Aviosoft DTV Player 1.x Stack Buffer Overflow
Security Advisory

Aviosoft DTV Player is a multiple format video player application. Aviosoft DTV Player 1.0.1.2 and possibly earlier versions fail to properly handle malformed user-supplied data within a

Thomas Gregory 9 Nov 2011 • 3 min read
Spentera Blog © 2022