I haven’t write posts for a while, and now I want to share with you my speeches at OpenSysConf’22 “The history of the one CVE or how to hack hacker on Kali Linux” and BeetechConf’23 “Your code through the eyes of a hacker”.
Category: Research
SSRF vulnerability in the Tumbler plugin of XFCE
SSRF vulnerability was found in Tumbler plugin of XFCE. It works on the latest Debian and Kali Linux, and high likely on all Linux distributions with out-of-date XFCE.
Interesting case with code execution in Nmap
About remote code execution vector in Nmap that was found in web site for system administrators.
Multiple vulnerabilities in LibreHealth EHR 2.0.0 part 2
During an internship at NitroTeam.kz, my students found several vulnerabilities in LibreHealth: Broken Access Control (CVE-2022-31496), Cross-Site Scripting (CVE-2022-31492, CVE-2022-31493, CVE-2022-31494, CVE-2022-31495, CVE-2022-31497, CVE-2022-31498).
Multiple vulnerabilities in LibreHealth EHR 2.0.0
I have found several vulnerabilities in open-source system LibreHealth EHR 2.0.0. More precisely 1 SQL-injection (CVE-2022-29938) and 2 Cross-site scripting (XSS) (CVE-2022-29939, CVE-2022-29940) vulnerabilities.
My speech at Kolesa Conf’21
I spoke at conference Kolesa Conf’21 several days ago with topic “Hacking up-to-date Wordpress”. Presentation shows that cross-site scripting (XSS) almost always will lead to client-side request forgery, and most times to remote code execution (RCE) even in the case with freshest Wordpress.
Open SysConf’21 is over
That was amazing conference and nice collaboration with professionals, especially in the pandemic time.
CVE-2021-34187. Unauthenticated SQL injection in Chamilo LMS 1.11.x and (dev version of) 2.0
Lack of sanitization of GET-parameters searchField, filters, filters2 in /main/inc/ajax/model.ajax.php leads to the multiple unauthorized SQL injections in Chamilo LMS 1.11.x and (dev version of) 2.0
CVE-2020-29143. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/reports/non_reported.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
CVE-2020-29142. SQL injection vulnerability in OpenEMR 6.0.0-dev, 5.0.2(5)
Ineffective use of add_escape_custom() in interface/usergroup/usergroup_admin.php leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).