Man Yue Mo
Security research at and
26 Tweets · 88 Following · 1,169 Followers

Tweets
Man Yue Mo, 6 Feb
In this post I give details about how to create an exploit for the type confusion vulnerability (CVE-2018-19134) of Ghostscript and turn it into an RCE. I have to say PostScript is not my preferred language for writing exploits.
Man Yue Mo, 23 Jan 2019
Replying to @steventseeley @taviso
Thanks! I hope you'll find QL useful, and do let us know of any feedback and comments, or if there's any open source code that you'd like to look at but is not on .
Man Yue Mo, 23 Jan 2019
This post gives the details of some type confusions (CVE-2018-19134, CVE-2018-19475, CVE-2018-19476) that I found in Ghostscript after studying reports of similar issues filed by between 2016 and 2018. The tools used for finding these bugs are open sourced.
Man Yue Mo, 14 Jan 2019
This post contains the details of a sandbox escape bug in Ghostscript that I found a couple of months ago, which is a variant of the ones that discovered last August.
Man Yue Mo, 22 Nov 2018
Replying to @taviso
Thanks! I've agreed with the vendor not to publish the details for a couple of weeks, but I should be able to share some details, as well as the tools I used to discover these bugs, after that.
Man Yue Mo, 21 Nov 2018
Done some variant analysis with the Ghostscript RCEs that found in the last few months and ended up finding another -dSAFER bypass RCE, plus some type confusions, one of which is also a proper RCE. All patched in 9.26. Write-ups coming soon.
Man Yue Mo, 21 Nov 2018
This post reviews OGNL mitigation measures in Struts and how they were bypassed in the past, leading up to a CVE-2018-11776 exploit that actually works.
Man Yue Mo, 31 Oct 2018
Patch Apple devices and avoid public wifi! discovered a kernel heap overflow that can be triggered by someone sharing the same network as you, affecting all devices by default without user interaction.
Man Yue Mo, 4 Oct 2018
In this post on Struts' OGNL injection vulnerabilities I'll go through a type of RCE issue called "double evaluation". There are a number of new issues, although there is no CVE, as Struts did not think it's their responsibility.
Man Yue Mo, 25 Sep 2018
In this second post on Struts' OGNL injection vulnerabilities I'll give an overview of the structure of Struts and a more detailed dataflow analysis of CVE-2018-11776.
Man Yue Mo, 30 Aug 2018
Replying to @ngthienan4189
There are probably other versions of Struts2, e.g. 2.2.x, that are no longer supported and may be affected. I haven't tested v1, but Struts 1 and 2 are very different so I'm not surprised by your find. However, Struts 1 probably has other problems.
Man Yue Mo, 24 Aug 2018
For people looking into intrusion detection of CVE-2018-11776. From what is available in public, it should be clear that the attack is done via a URL with OGNL. So look for URLs that contain OGNL. An exploit won't tell you more than that.
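The detection advice in the tweet above, as an added example that is not Man Yue Mo's code nor any tool from this page: a small Python scanner that reads access-log lines, percent-decodes each request URL (repeatedly, so double-encoded payloads are caught) and flags any URL containing the OGNL expression markers `${` or `%{`. The log format assumed is the common log format; the log lines, client IPs and paths below are constructed for illustration.

```python
"""Flag HTTP requests whose URL carries an OGNL expression marker.

Added example for the CVE-2018-11776 detection hint; not from the original
tweets. Assumes common-log-format access logs. All sample data is constructed.
"""
import re
from urllib.parse import unquote

# Struts evaluates OGNL inside ${...} and %{...}. Attackers routinely
# percent-encode the markers (sometimes twice), so decode before matching.
OGNL_MARKER = re.compile(r"[$%]\{")

# Common log format: ip ident user [timestamp] "METHOD url PROTO" status bytes
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"'
)

# Constructed sample: one clean request, three with OGNL in the namespace
# segment (plain, encoded once, encoded twice), one benign percent-encoded query.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Aug/2018:10:00:01 +0000] "GET /showcase/actionChain1.action HTTP/1.1" 200 512
10.0.0.7 - - [22/Aug/2018:10:00:02 +0000] "GET /showcase/${(1+1)}/actionChain1.action HTTP/1.1" 302 0
10.0.0.7 - - [22/Aug/2018:10:00:03 +0000] "GET /showcase/%24%7B%28%23_memberAccess%29%7D/actionChain1.action HTTP/1.1" 302 0
10.0.0.9 - - [22/Aug/2018:10:00:04 +0000] "GET /showcase/%2524%257B1%257D/actionChain1.action HTTP/1.1" 302 0
10.0.0.8 - - [22/Aug/2018:10:00:05 +0000] "GET /static/price.html?q=100%25 HTTP/1.1" 200 99
"""


def fully_decode(s, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), to defeat
    double encoding without looping forever on pathological input."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_ognl_url(url):
    """True if the decoded URL contains an OGNL expression opener."""
    return OGNL_MARKER.search(fully_decode(url)) is not None


def scan_log(text):
    """Return (client_ip, raw_url) for every request line that looks like
    an OGNL injection attempt. Unparseable lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue
        if is_ognl_url(m.group("url")):
            hits.append((m.group("ip"), m.group("url")))
    return hits


if __name__ == "__main__":
    for ip, url in scan_log(SAMPLE_LOG):
        print(f"OGNL marker from {ip}: {url}")
```

The marker regex deliberately matches anywhere in the URL rather than only the namespace segment that CVE-2018-11776 abuses; that keeps the rule simple and also catches OGNL smuggled through query strings, at the cost of an occasional false positive on a legitimate URL that happens to contain a literal `${`.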
Man Yue Mo, 24 Aug 2018
Replying to @frohoff @GossiTheDog and 2 others
For the cases I tested, alwaysSelectFullNamespace has to be true (false by default). What worries me is that the showcase app is vulnerable without setting this explicitly. I then realized the convention plugin overrides it, and I can't be sure whether something else does it also.
Man Yue Mo, 23 Aug 2018
Replying to @BufferBandit @samlanning
Yea, makes me jealous of people who use Windows every time I see the calculator pop. :)
Man Yue Mo, 22 Aug 2018
Replying to @etawiah @bas_van_schaik @LGTMHQ
It's an attack on the server by sending a crafty HTTP request (not XSS or phishing on the client), so there is no end user here and it doesn't require any user interaction.
Man Yue Mo, 22 Aug 2018
Struts users should take the advice of the Struts team to upgrade: the new versions are backward compatible, and they didn't just patch CVE-2018-11776 but also include general security improvements to make life harder for hackers.
Man Yue Mo, 22 Aug 2018
As some people have asked about exploits of CVE-2018-11776: I don't plan to release it at the moment, so that users can have time to upgrade. I would also like to urge others to refrain from releasing exploits just yet.
Man Yue Mo, 22 Aug 2018
Replying to @atucom
We will not be releasing PoC or exploits at this stage to give people time to upgrade, thanks.
Man Yue Mo, 22 Aug 2018
I'm writing some blogs that study RCEs in . I'll start with the latest, CVE-2018-11776, which I found, and how it is related to some previously known RCEs.
Man Yue Mo, 22 Aug 2018
Replying to @hooyaru
Hi, we've got more details here: and here: