Affected Vendor: Kentico – https://www.kentico.com
Affected Software: Kentico CMS
Affected Version: Tested on 11.0
Issue type: Unrestricted Upload of File with Dangerous Type
Release Date: 08/01/2019
Discovered by: Harold, Hivint
CVE Identifier: CVE-2018-19453
Issue status: Fixed (Hotfix 11.0.45)
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
Return-to-libc is a method that defeats stack protection on linux systems.
This article will show you that how to attack C program by using buffer overflow and return to Libc method to pop a bash shell.
DevOops is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack DevOops box and get user.txt and root.txt.
Canape is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack Canape box and get user.txt and root.txt.
Poison is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack Poison box and get user.txt and root.txt.
Stratosphere is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack Stratosphere box and get user.txt and root.txt.
Silo is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack Silo box and get user.txt and root.txt.
Aragog is a machine on the HackTheBox.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
This article will show how to hack Aragog box and get root permission.
ezXSS is a XSS platform that can test (blind) Cross Site Scripting, steal cookies and other attacks. It is a open source XSS platform, you can find the source code in Github. However, the original source did not give NGINX Rewrite rules.
This article will show you ezXSS NGINX rewrite rules.Therefore, you can build your ezXSS with NGINX.
Apache Solr is highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and more. You can find more information by clicking this link.
This article shows that how to use CVE-2017-12629 to attack it.