D-Link: Multiple Security Vulnerabilities Leading to RCE

On the 30th of October, D-Link published a support announcement and released a new firmware to patch five vulnerabilities that Harold Zang, Technical Security Specialist at Trustwave, identified on the DSL-2888A router. These security vulnerabilities could allow a malicious Wi-Fi or local network user to gain unauthorised access to the router web interface, obtain the router password hash, gain plaintext credentials, and execute system commands on the router.

Continue reading →

Install and Setup Burp Suite Proxy & Certificate with Java Application

Introduction

Java application sometimes did not go through (use) the global proxy setting. This means that even we setup the proxy and import the burp suite certificate, we are still not able to intercept HTTPs traffic.

This article is going to show you how to setup your Burp Suite proxy and certificate with Java Application for intercepting HTTPs traffic.

Continue reading →

How did I find Command Injection in MVP-5150 (CVE-2019-11224)

Introduction

OS Command Injection is that the software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

This article describes that how did I find CVE-2019-11224 and three ways for bypassing “space” character while OS Command Injection.

Continue reading →

CVE-2019-11224 Injection dangerous command into HARMAN AMX

Injection Dangerous Command into HARMAN AMX

Affected Vendor: AMX – https://www.amx.com/
Affected Software: MVP5150 Firmware
Affected Version: Tested on V2.87.13
Issue type: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Release Date: 07/05/2019
Discovered by: Harold Zang, Hivint
CVE Identifier: CVE-2019-11224
Issue status: Publish

Continue reading →

CVE-2018-19453 Upload Malicious File in Kentico CMS

Upload Malicious File in Kentico CMS

Affected Vendor: Kentico – https://www.kentico.com
Affected Software: Kentico CMS
Affected Version: Tested on 11.0
Issue type: Unrestricted Upload of File with Dangerous Type
Release Date: 08/01/2019
Discovered by: Harold, Hivint
CVE Identifier: CVE-2018-19453
Issue status: Fixed (Hotfix 11.0.45)

Continue reading →

ezXSS NGINX Rewrite Rules

Introduction

ezXSS is a XSS platform that can test (blind) Cross Site Scripting, steal cookies and other attacks. It is a open source XSS platform, you can find the source code in Github. However, the original source did not give NGINX Rewrite rules.

This article will show you ezXSS NGINX rewrite rules.Therefore, you can build your ezXSS with NGINX.

Continue reading →

How to Attack Apache Solr By Using CVE-2017-12629

Introduction

Apache Solr is highly reliable, scalable and fault tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, centralized configuration and more. You can find more information by clicking this link.

This article shows that how to use CVE-2017-12629 to attack it.

Continue reading →

Docker Install and Uninstall on Ubuntu 16.04.2

Introduction

When you install docker form ubuntu source, you may cannot install the lasted version. It may lead to you cannot implement your environment or have a error when you running your project.

This article will show you how to uninstall and install the lasted version docker on Ubuntu Linux 16.04.2.

For more information, please read the offical website.

Continue reading →

Apache CVE-2017-7659 Issue Analyse and Payload

Introduction

Recently, Apache released Apache httpd 2.4.26. And 2.4.26 fix a lot of issues. You can find the detail in this link. One of the issue is CVE-2017-7659. This article will discuss this issue and show the payload.

Continue reading →

Reverse and inject code to Android Application

Introduction

This article tell you how to reverse and inject your own code to Android Application. Therefore you can get sensitive information, Series Number or other information.

Continue reading →

SpZ

SpZ's Blog

Post Category → Security

D-Link: Multiple Security Vulnerabilities Leading to RCE

Install and Setup Burp Suite Proxy & Certificate with Java Application

Introduction

How did I find Command Injection in MVP-5150 (CVE-2019-11224)

Introduction

CVE-2019-11224 Injection dangerous command into HARMAN AMX

Injection Dangerous Command into HARMAN AMX

CVE-2018-19453 Upload Malicious File in Kentico CMS

Upload Malicious File in Kentico CMS

ezXSS NGINX Rewrite Rules

Introduction

How to Attack Apache Solr By Using CVE-2017-12629

Introduction

Docker Install and Uninstall on Ubuntu 16.04.2

Introduction

Apache CVE-2017-7659 Issue Analyse and Payload

Introduction

Reverse and inject code to Android Application

Introduction