
New Episode of hacker show day[0]


rek2 hispagatos

Oct 10, 2023, 10:09:11 AM
217 - Insecure Firewalls, MyBB, and Winning with
WinRAR [Bug Bounty Podcast]

https://vid.puffyan.us/watch?v=EAIo9uy1saE

This week we've got some fun issues, including a WinRAR processing
bug that results in code execution due (imo) to a filename
adjustment when extracting that isn't performed consistently.
A MyBB admin-panel RCE, fairly privileged bug but I think
the bug pattern could appear elsewhere and is something to
watch out for, and several silly issues in a "next-gen"
firewall, including source disclosures and RCEs
from the login page.

Links and vulnerability summaries for this episode
are available at: dayzerosec.com/podcast/217.html


Happy Hacking
ReK2

--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @re...@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5