Tuesday, 12 December 2017

'modus operandi' - Piwigo 2.9.2

As I 'promised': the vendor received the details, but after all* - to this day - I have no idea what's going on now... No response, no feedback, so "Vendor don't care" in my opinion. Full disclosure.

'modus operandi' - Horde 5.2.x

Last time we saw a few 'moments' when modus.py was started against GeniXCMS. Today we will do the same with Horde (partially described here as well as [1],[2],[3]). So...

Tuesday, 5 December 2017

'modus operandi' - GeniXCMS 1.1.5

During the last few days I tried to rewrite a few parts of modus.py to get results more similar to those described for the 'latest' version of Horde.

TL;DR - we have a new version of modus.py =]

Thursday, 30 November 2017

First results from modus.py

Ok. Here we go again... During the last few days, after I had the pleasure of receiving some 'results' from the CVE Team (1,2,3), I decided that it should be a good ('enough';]) idea to create a small 'PoC script' (again) to automate a little bit the process of 'finding bugs' (for example: like those mentioned in the CVEs' reference(s)). Below you will find a few details collected after a few days of 'research' and pinging the vendors...

Monday, 20 November 2017

RCE via XSS - Horde 5.2.19

This time I decided to sit for a while with Horde Groupware (5.2.19). A “ready to go” virtual machine can be found on Bitnami’s webpage (big thanks!), so using, for example, VirtualBox, you can set everything up very quickly. Below you will find a few publicly disclosed bugs found during the last few days...