Toizi

@Rode0day I have looked at the root cause now and it seems like the overflow check in cdf_read is not compiled correctly. When off_t is 64 bit no overflow occurs thus I compiled it on 18.04 32 bit where an adc instr gets generated. The challenge does add twice then cmp which is a nop

@Toizi Things look okay on our end for that challenge- you appear to have found an unintented bug! Up to file 5.38, if you compile with -include stdio.h, your inputs cause a segfault! The real version of file doesn't include stdio everywhere so it's not quite an N-day, but maybe close!

Our next bug-finding rode0 will kick off in just under 30 minutes! To get started and prove how many bugs you can find, visit rode0day.mit.edu

@Rode0day Oh I understand. I understood that as if there were a build config to use stdio.h. I am using 18.04 as well but can't reproduce it right now. Not sure if I am using a different crash file or if I mixed something up initially. I'll have to investigate

@Toizi When I cloned the repo onto my Ubuntu 18.04 machine, your inputs weren’t causing it to crash. We include stdio.h to make some of our internal logging work- when I added that it did crash, not sure why. I couldn’t reproduce the crash on master branch though.

@ippsec Just FYI your final analysis of the newline command injection was wrong. PHP's escapeshellarg does prevent it. The exploit's author reported[1] it and got it fixed[2]. Must have been an older version [1] github.com/Codiad/Codiad/… [2] github.com/Codiad/Codiad/…

#HackTheBox Player has been retired. This was a really fun box, discovering the backups on the webserver was surprisingly difficult so I added a new module to GoBuster. The unintended privesc was also super cool. youtube.com/watch?v=JpzREo…

@SpotifyCares Windows 10, build 1.0.48.103.g15edf1ec. Happend after reinstalling the OS

@SpotifyCares Desktop App telling me that a song is not available but I can import it? No local songs working at all i.imgur.com/pbwGfJS.png