Exploiting CVE-2018-12591

Yesterday I managed to get my first two CVEs. One of which is CVE-2018-12591. This is a writeup of how this vulnerability can be exploited. Although it’s not the most complicated vulnerability to exploit, it might still be helpful for those wishing to learn. As always, this is intended for purely educational purposes. So a brief summary of the vulnerability: it’s possible to execute arbitrary commands as root by injecting into the user part of the FTP/TFTP URL passed to the copy command. This is because the FTP user details are put directly into an OS command for FTP/TFTP without proper filtering. The EdgeSwitch is different from other Ubiquiti products because whereas the EdgeRouter and[…]

Contents:
Introduction
Bypassing Basic HTTPS
Bypassing 301 Caching
Bypass non-preloaded HSTS through NTP
Bypassing Preloaded HSTS through logic errors
Cookie Domains
Exploiting with MiTM on DNS
Exploiting without MiTM on DNS

Introduction

The old ways are dead. Gone are the days where one could sit on a network, watch the plaintext traffic, and hijack sessions all day long. Admins have been shamed publicly on Twitter for not implementing HTTPS and now… HTTPS prevents you from viewing the data you wish to obtain. Welcome to MiTM in the age of HSTS. This post will not focus on vulnerabilities that are likely patched on any servers you want to target (BEAST, FREAK, etc.) or problems that exist with old or relatively[…]

I’ve spent a lot of my time doing security bits ‘n bobs for a large takeaway EPOS company. Usually this entails a full review of every repository to patch SQL injection vulnerabilities, Cross-Site Scripting vulnerabilities, and loopy logic vulnerabilities, or mitigating random DDoS attacks; however, on occasion I get to handle something a little different. A lot of the images here have had details removed to protect the privacy of both those I work for and those I don’t. I was monitoring the CPU utilisation on AWS and noticed a weird spike to just over 10% utilisation (for some context, this is out of hours for most takeaways and CPU utilisation had been around 2% for the past few hours).[…]