Multiple SSRF on Vanilla Moodle Installations
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time: 3 Minute, 51 Second
During the time dedicated to research we found 2 Server-Side Request Forgery vulnerabilities on Moodle. The first one is a Blind SSRF already discovered in 2018 and tracked as CVE-2018-1042 without a proper patch; the other one is a fresh SSRF while parsing image tags inside the same component (File Picker). They are currently not patched and both working on the latest Moodle version because the Moodle Team, as they said in emails, leaves the responsibility to protect network interactions to system administrators. I personally do not agree with this stateme ..read more
A true story of mobile device geolocation
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time: 4 Minute, 7 Second
TL;DR: During the monthly research activity, in accordance with the relative Responsible Disclosure program, we found and went in depth with an interesting security issue allowing geolocation of mobile devices using TIM, an Italian communication provider. A malicious user could find the TIM customers' geo-position by forcing the approval mechanism to allow the geopositional tracking. By the way, thanks to TIM and its Responsible Disclosure program that allows several researchers to ethically disclose findings since 2018. The research has been focused on ..read more
Rusty Joomla RCE
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time: 9 Minute, 19 Second
Introduction
During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December 2015) that leads to Remote Code Execution. A PHP Object Injection was discovered in the wild and patched in the 3.4.5 version (CVE-2015-8562), however, this vulnerability depends also a lot on the PHP release installed becoming not really trusty for all environments. Comparing this RCE with CVE-2015-8562: + It is completely independent from the environment, b ..read more
Prestashop
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time: 1 Minute, 16 Second
During a security assessment, we found an Insecure Direct Object Reference on Prestashop. In particular, the finding could allow an attacker to leak personal information such as first name, last name, phone number, shipping and invoice address. This vulnerability affects all versions before v1.7.6.0 RC2 and was referred to as BUG FIX #14444 in the Changelog (changelog_1.7.6.0-rc2.txt). The vulnerability resides in the checkout process, during the selection of the delivery and invoice addresses. These addresses are bound to a global increment ..read more