CVE-2024-32651 – Server Side Template Injection (Changedetection.io)
Hacktive Security Blog » Application Security
by Edoardo Ottavianelli
1M ago
TL;DR A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Update changedetection.io to version 0.45.21 or later. A huge thanks to the mantainer (https://github.com/dgtlmoon) that was very responsive and collaborative to fix the issue, request a CVE number and inform the ..read more
Visit website
Multiple SSRF on Vanilla Moodle Installations
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time:3 Minute, 51 Second During the time dedicated to research we found 2 Server-Side Request Forgery on Moodle. The first one is a Blind SSRF already discovered in 2018 and tracked as CVE-2018-1042 without a proper patch, the other one is a fresh SSRF while parsing image tags inside the same component (File Picker).  They are currently not patched and both working on the latest Moodle version because the Moodle Team, as they said from emails, leaves the responsibility to protect network interactions to system administrators. I personally do not agree with this stateme ..read more
Visit website
A true story of mobile device geolocation
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time:4 Minute, 7 Second TL;DR During the monthly research activity, in accordance with the relative Respnsible Disclosure program, we found and went in depth with an interesting security issue allowing geolocation of mobile devices using TIM, an Italian communication provider. A malicious user could find the TIM customers geo-position by forcing the approval mechanism to allow the geopositional tracking. By the way, thanks to TIM and its Responsible Disclosure program that allows several researchers to ethically disclose findings since 2018. The research has been focused on  ..read more
Visit website
Rusty Joomla RCE
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time:9 Minute, 19 Second Introduction During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December 2015) that leads to Remote Code Execution. A PHP Object Injection was discovered in the wild and patched in the 3.4.5 version (CVE-2015-8562), however, this vulnerability depends also a lot on the PHP release installed becoming not really trusty for all environments. Comparing this RCE with CVE-2015-8562: + It is completely independent from the environment, b ..read more
Visit website
Prestashop
Hacktive Security Blog » Application Security
by Alessandro Groppo
2y ago
Read Time:1 Minute, 16 Second During a security assessment, we found an Insecure Direct Object Reference on Prestashop. In particular, the finding could allow an attacker to leak personal information such as first name, last name, phone number, shipping and invoice address. This vulnerability affects all versions before v1.7.6.0 RC2 and was referred as BUG FIX #14444 in the Changelog. (changelog_1.7.6.0-rc2.txt) The vulnerability resides in the checkout process, during the selection of the delivery and invoice addresses. These addresses are bound to a global increment ..read more
Visit website

Follow Hacktive Security Blog » Application Security on FeedSpot

Continue with Google
Continue with Apple
OR