Redis service unauthenticated write access to OS file system

Redis is an in-memory key-value database. Due to the nature of the database design, typical use cases are session caching, full page cache, message queue applications, leaderboards and counting, among others. By default, the service runs on port 6379. In my case, Redis was running on a range of ports 7081-7090. So an nmap [...]

CVE-2018-2894 – Weblogic JSP File Upload

Oracle WebLogic suffers from a trivial file upload vulnerability. Here are the steps to reproduce the vulnerability. 1) Go to http://172.17.0.2:7001/ws_utc/config.do. If you can’t access 172.17.0.2:7001/ws_utc, this means the web service test client is disabled for your WebLogic server, which is a good thing. 2) Change the Work Home [...]

CVE-2018-3004 – Oracle Database Privilege Escalation via XML Deserialization

Since this is a privilege escalation, let's assume you have access to an Oracle database with at least the following roles: CONNECT and RESOURCE. In this example, the user tom has been granted the CONNECT and RESOURCE roles. XML Deserialization: The java.beans library has two classes: XMLEncoder to serialize a Java object [...]

CVE-2018-17246 – Kibana Local File Inclusion

Logstash is an open source tool for collecting, parsing, and storing logs for future use. Kibana is a web interface that can be used to search and view the logs that Logstash has indexed. Both of these tools are based on Elasticsearch. Elasticsearch, Logstash, and Kibana, when used together, are known as the ELK stack. Vulnerability: Affected URL: http://<IP>:5601/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../<js file> Affected Parameter: apis The [...]

SLAE 0x5 – Shellcode Analysis

Today, we find shellcode on various websites like shell-storm.org, exploit-db.com and other internet forums. Running shellcode without understanding the code could have catastrophic results. For instance, a shellcode could do an rm -rf on the file system even though the comments in the shellcode indicate otherwise. Therefore, I think it's important we learn what's going [...]