We found a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and sharing files for photos, videos, files and more. The Vulnerability... Read more
It's been a while since our last post about exploitation. This time, we try to explain a stack-based overflow on Cyberlink LabelPrint, a tool to assist in designing labels for CD / DVD covers. It is included in the installation of... Read more
After playing around with unicode stack overflow, I try to do it on an application called AllPlayer. The techniques used are not much different, so the result will be the same as the previous exploits. It seems that this application... Read more
We found a vulnerability on NetGain Enterprise Manager during a pentest. We think that the vulnerability is quite rare and worth to share. Local File Inclusion Normal Request: POST /u/jsp/log/download_do.jsp HTTP/1.1 Host: 192.168.0.21:8081 User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101... Read more
EternalBlue dapat digunakan untuk melakukan eksploitasi pada layanan Server Message Block (SMB) tanpa membutuhkan proses otentikasi. Kemudian ditambah dengan menggunakan DoublePulsar untuk mengirim sekaligus mengeksekusi malicious Dynamic-Link Libraries (DLL) atau raw shellcode pada komputer korban. Berikut contoh percobaan eksploitasi pada... Read more