PHDays Finals 2014 Homepage + Breadcrumbs Tasks Writeup

We’re going to look at two of the tasks of the PHDays finals, namely breadcrumbs which we solved and homepage, which unfortunately we were not able to solve during the CTF, though the solution seems to be correct. If you have any additional information on this particular task, I’d love to have your comments : @plopz0r.

Continue reading PHDays Finals 2014 Homepage + Breadcrumbs Tasks Writeup

Neo4j – “Enter the GraphDB”

Following interest for NoSQL (see MongoDB exploit :D), this time I wanted to check Neo4j, the famous Graph Database. As you can see on their blog http://blog.neo4j.org/, Neo4j is really active and updates come really often ! The v1 was released in 2010 and v2 in 2013 and I didn’t find any specific paper about security so it may be interesting… Don’t hesitate to correct me if I say something wrong !

Continue reading Neo4j – “Enter the GraphDB”

Remote Command Execution in HP TippingPoint Security Management System

During a recent security audit, SCRT discovered a TippingPoint SMS server that exposed a famously exploitable JBoss invoker to any unauthenticated user. By using this invoker, it is possible to upload new applications on the server that are then run with the permissions of the JBoss application server (which happens to be running as root in this case).  The server can then be compromised entirely by uploading new files into the SMS application’s folder and then accessing them through a Web browser. This  could be done with the help of a very practical tool called jimmix which makes it possible to invoke commands on a JBoss server from the command line.

Continue reading Remote Command Execution in HP TippingPoint Security Management System