Introduction: During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December 2015) that leads to Remote Code Execution. A PHP Object Injection was discovered in the wild and patched in the 3.4.5 version (CVE-2015-8562), however, this vulnerability depends also a lot on […]
During a security assessment, we found an Insecure Direct Object Reference on PrestaShop. In particular, the finding could allow an attacker to leak personal information such as first name, last name, phone number, shipping and invoice address. This vulnerability affects all versions before v1.7.6.0 RC2 and was referred to as BUG FIX #14444 in the Changelog (changelog_1.7.6.0-rc2.txt). The vulnerability […]
I don’t usually play CTFs, but this time I wanted to improve my radare2 and reversing skills. All crackme challenges can be found here. Levels from 1 to 3 are really entry-level; from 4 onward they start to be interesting. As the README says: “It’s reverse engineering, not cracking.” That means we don’t have to patch the binary in […]