Rails is a web application development framework written in the Ruby programming language. It is designed to make programming web applications easier by making assumptions about what every developer needs to get started.
[CVE-2019-5418] description: NVD
There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 The impact is limited to calls to render which render file contents without a specified accept format…
TradingView has popular charting libraries which are used in many online trading platforms for stocks or cryptocurrencies. This vulnerability is a fairly new XSS vulnerability. It could bypass Cloudflare or other defense mechanisms and cause financial losses through account request forgery or malicious manipulation. We are going to talk about the vulnerability and its mitigation.
Since TradingView’s library is widely used, we can easily find a test target among stock or cryptocurrency exchange platforms. Now let’s try to trigger the alert dialog.
After a bit of trying and looking at the code, we have the payload.
This is a straightforward company directory. The first thing that came to our mind was SQL injection, without thinking too much about the challenge name (because it was a 50-pt challenge…). After quickly trying a bunch of SQL injections we suddenly realized this is LDAP injection (duh), so we put * as the search query to confirm it should be LDAP injection.
LDAP Injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input.
Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services.
The web app looks…
Redis is an open-source, widely popular data structure tool that can be used as an in-memory distributed database, message broker or cache. Since it is designed to be accessed inside trusted environments, it should not be exposed on the Internet. However, some Redis instances are bound to a public interface and have no password authentication at all.
Under certain conditions, if Redis runs as the root account (or even if it does not), attackers can write an SSH public key file into the root account and log on to the victim server directly through SSH. …
Before my write-up, I want to mention that I read some well-written write-ups/tutorials after solving the Basic Missions, and they do a good job of guiding you in the right direction without spoilers. There are a ton of well-written write-ups like this out there; you should read some of them just to see how others attack the same problem and their angles.
Like it says, it’s “The Idiot Test”. The password is hidden in HTML source code.
I’m sure when everyone reads…
Have you ever heard of the Google Games? Get ready to have some fun! This “in a box” version of the Games includes head-to-head team competitions in a series of challenges including trivia, puzzles, word association, and coding.
At The Google Games RPI, competitors will compete against other students for victory in challenges that test your brains and creativity to their limits! It’s a continuum of fun as teams of five go head to head in rigorous events: trivia, puzzles, word association, and coding competitions. Teams of five undergraduate students will be competing for fun Google swag prizes.
A Computer Science Student @ Rensselaer Polytechnic Institute who is intrigued by Cybersecurity. Favorite sport: Pentesting.