Remote Command Execution in HP TippingPoint Security Management System

During a recent security audit, SCRT discovered a TippingPoint SMS server that exposed a famously exploitable JBoss invoker to any unauthenticated user. Through this invoker it is possible to upload new applications to the server, which then run with the permissions of the JBoss application server (in this case, root). The server can then be compromised entirely by uploading new files into the SMS application's folder and accessing them through a web browser. This can be done with the help of a very practical tool called jimmix, which makes it possible to invoke commands on a JBoss server from the command line.


Insomnihack 2013 – Facebookalypse

This challenge was definitely one of the harder web missions. It was based on a redefined session handler mechanism that was initially discovered in a relatively well-known firewall brand, and is also very similar to the example found in PHP's own documentation here:


XSS in Twitter for IE <= 8

For an English summary, go to the bottom of this post

Twitter was updated during the night from Tuesday to Wednesday; the update protects Internet Explorer 8 users from at least one XSS vulnerability in the generation of tweets containing URLs with certain sequences of special characters.
