Gaetan

Expecting to struggle finding a gadget chain in WordPress Core during an assessment when devs suddenly decided to make it easy : fenrisk.com/publications/b…

🔥 Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) 🔥 We just disclosed the technical details explaining how a vulnerable Request Interceptor and a few undocumented endpoints led to RCE on one of the most popular CI/CD servers: sonarsource.com/blog/teamcity-…

Zip-slipping to RCE via Auto-Reload: OpenRefine is prone to critical security vulnerability (CVE-2023-37476). Read more in our latest blog post: sonarsource.com/blog/openrefin… #security #vulnerability #appsec

RCE in Apache OpenMeetings due to SQL weak comparison, unexpected application state, and null-byte injection. Check out the technical details in our latest blog post: sonarsource.com/blog/a-twist-i… #appsec #security #vulnerability

We are excited to share that we have two entries in the running for the next Pwnie Awards 🐴✨ 👇

🥑 The Hazards of Technological Variety and Parallelism: An Avocado Nightmare, by Stefan Schiller (@scryh_)

Super excited to present this at Hexacon! See you there :)

@g0ziem @TheASF Considering the exploitation scenario is application dependent, there is no generic, always working, PoC. That said, you should find all the required technical information in the issue write-up synacktiv.com/publications/c….

@_mabote_ @TheASF Hello, is there a POC for this?

I have just been credited by @TheASF for CVE-2022-31813. It's a weakness in mod_proxy management of hop-by-hop headers. More details to come. Brace yourselves #BugBounty hunters, new opportunities for 💰💰💰.

@Sonar_Research identified and linked two vulnerabilities, leading to one-click remote code execution (RCE) exploit in Pimcore. Check out this @SecurityWeek article for all the details: securityweek.com/pimcore-platfo… #appsec #security #vulnerability

Sonar at @BlackHatEvents Asia! Look for us at Booth B20 for live demos with our solution! In addition, @Sonar_Research member Paul Gerste will host a presentation: "Stealing with Style: Using CSS to Exploit ProtonMail & Friends" on May 11, 11:20 am at Roselle Junior Ballroom!

What do we need content types for anyway? Let's look into how an incorrect content type led to a real-world vulnerability in the famous business suite Odoo, CVE-2023-1434 🐛 sonarsource.com/blog/odoo-get-… #appsec #python #cleancode

Windows authentication & Prox-Ez is the topic of the last Synacktiv talk at #THCon, staring @b1two_ and @YofBalibump

“Patches, collisions and root shells: a Pwn2Own adventure” will be presented by @scryh_, @pspaul95 & @swapgs@infosec.exchange from team @Sonar_Research at #TyphoonCon23! Learn more and get your tickets today: typhooncon.com/blog/conitems/…

🗡️ Argument Injection Vectors A curated list of exploitable options when dealing with argument injection bugs Capabilities: run a command, file write, file read, library load ➡️ chrome '--gpu-launcher="id>/tmp/foo" By @Sonar_Research #bugbountytips sonarsource.github.io/argument-injec…

SNMP to RCE - Read about an XSS vulnerability we discovered in LibreNMS, which can be exploited by sending a spoofed SNMP trap and gain code execution via Blade templates: sonarsource.com/blog/it-s-a-sn… #appsec #security #vulnerability

A server monitoring software 🌡 named Supermicro SuperDoctor 5 has been encountered during an assessment. However, @bak_sec and @_mabote_ were not big fans of the web app UX and thought a root shell would be more suitable 🐚 ➡️ Read more about this RCE: synacktiv.com/sites/default/…

In no time, the mighty @elvanderb pwned his favorite target: XNU, the Apple MacOS kernel! Rumor has it that he took more time developing the ASCII art than the actual exploit 🥷 #P2OVancouver

Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja @_remsio_ strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it! synacktiv.com/publications/p…

Fishing for bugs in PHP apps be like

@MathisHammel @plhery On en parlait déjà en 2016... Pas surpris de voir que ça continue 7 ans plus tard sur ce genre d'apps. youtube.com/watch?v=M7vdzg…