Questions tagged [exploit]
The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
1,315 questions
4 votes, 2 answers, 1k views
How to check if a file contains exploit for a specific zero day vulnerability?
The latest iOS update contains a fix for some zero day vulnerabilities involving core audio, where a maliciously crafted media file can cause harm.
I have received a file - how can I verify it does ...
4 votes, 0 answers, 81 views
How much do ARM-like link registers make return-oriented programming harder?
ROP usually uses a buffer overflow to overwrite the x86 return address. However, ARM stores that in a register. What is the effect of this on return-oriented programming attacks on non-x86 ...
4 votes, 1 answer, 1k views
Unexpected Mixpanel Cookie: Is this an attempted exploit?
Web application, large user base.
Every now and then we see a Mixpanel cookie, and this is blocked by a WAF ruleset (Azure DefaultRuleSet_1.0 942200
"Detects MySQL comment-/space-obfuscated ...
1 vote, 0 answers, 136 views
Could an XXE vulnerability lead to RCE?
I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same ...
3 votes, 1 answer, 143 views
Why does this payload only work within pwntools?
I'm trying to learn binary exploitation. I started with the following:
https://github.com/tripoloski1337/learn-to-pwn/tree/master/overwrite_instruction_pointer
After a bit of experimentation, I ...
1 vote, 0 answers, 275 views
What was the "random" number Sony used for the PS3?
I've read that fail0verflow was able to hack the PS3 because Sony used a static number for the random number generator.
I'm just really curious, what number was used? 42? 4? 7669773?
Please note that ...
1 vote, 0 answers, 279 views
Potato exploits don't spawn a reverse shell
What could be the reason for potato exploits not being able to spawn a reverse shell?
OS: Microsoft Windows Server 2022 Standard
Build: 20348
Exploits tried: RoguePotato, SigmaPotato, GodPotato
What ...
3 votes, 1 answer, 96 views
How is CVE-2021-22044 risky?
I am looking at this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-22044
The description says:
In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to
2.2.9.RELEASE, and older unsupported ...
0 votes, 0 answers, 51 views
Benefit to reading sensitive file chunks via a "middleman" shell script?
tl;dr: is using a script spawned by my main process, which reads only a chunk of a sensitive file and then passes the result to my main process, of any benefit?
In contrast to loading the file in my ...
1 vote, 1 answer, 61 views
Can a Tomcat application sitting behind a reverse proxy be exploited?
I am trying to exploit a vulnerability in Tomcat based on CVE-2020-13935.
I found online this interesting poc https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/
In my case, the ...
1 vote, 2 answers, 91 views
Linux Privilege Escalation - (running) Services [closed]
Since I'm quite new to the whole topic of Linux privilege escalation, I've done a few courses in which the enumeration of services is usually mentioned, with commands like:
ps aux
systemctl --type=...
1 vote, 1 answer, 72 views
How to exploit a path traversal vulnerability
I am pentesting an HTTP server using Jetty, where I have access to the code.
One of the URLs I am looking at is GET /services/test.js
Looking at the code below:
@GET
@Path("services/{...
3 votes, 1 answer, 143 views
Can vulnerabilities in transitive dependencies be exploitable?
I am running nmap on an HTTP server, and I got the netty version used by the server.
Netty version used is 9.4.53.v20231009, I tried to check online for CVEs related to this version, and it seems ...
2 votes, 1 answer, 348 views
Ret2libc exploit not working but it seems correct in GDB
I am currently trying to perform a return-to-libc attack against a locally run program. Here are the steps I did:
I calculated the bytes needed to overwrite the saved return address
I used a buffer ...
2 votes, 0 answers, 115 views
Can recent VirtualBox vulnerabilities escape to host?
I ran an unpatched VirtualBox with a Windows guest that might have been compromised. Now I'm unsure if some recent exploits can escape guest-to-host in this scenario.
An example would be CVE-2024-...