PHP Tricks in Webshell

Background There was an online challenge for one position I applied last year. It was an easy PHP de-obfuscation. I modified it so it can not be searched for those who are doing the similar exercise and share it here. The Original Problem / Analysis The problem was: what does this file do? Though itContinue reading “PHP Tricks in Webshell”

5 Ways to Do Code-audit

Based On API For example, if the target program uses SpringMVC, we can use annotation to find the entrace functions. I.E. Globally search “@(.*?)Mapping(” so that it can match @RequestMapping, @GetMapping Based on Dangerous Functions According to the dangerous functions, then reverse the process to find source. (Function entrance) For example, if we want toContinue reading “5 Ways to Do Code-audit”

Python URL Parse Problem (CVE-2023-24329) Timelines 07/20/2022: Issue first discoverd 08/03/2022: Report sent to 08/25/2022: One staff wrote: “I personally agree this should probably be improved, we’ll see if I can convince the others. They’ll likely say we need to work through it publicly” 09/30/2022: Report accepted by CERT. (VU#127587) 11/12/2022: Issue is accidently fixed But theContinue reading “Python URL Parse Problem (CVE-2023-24329)”

Reproduction of CVE-2021-4034

Background The reason of reproducing this vulnerability is because this vulnerability is quite interesting – it takes the advantage of out range writing and make it as a vector to do priviledge escalation. Moreover, after reading some articles, two questions remain in my mind: Though a few articles do touch the surface of these twoContinue reading “Reproduction of CVE-2021-4034”

Reproduction on CVE-2021-26690

Abstraction This article is the first article and the only article that thoroughly anaylzes and produces CVE-2021-26690. It is a great demostration on how to analyze and reproduce CVEs that are not publi Also, during the process, I also found a security-in-depth problem for its fix and issued a pull request for the apache project.Continue reading “Reproduction on CVE-2021-26690”

1day RCE in an IDS Device

Warning This article is protected by a password. So probabally it is a not publicly disclosed issue or it is an article only shared with limited scope. If you are permitted to view, please do not share any detail with anyone. The password is md5(my-linkedin-headline) -> md5(current ***** Alumnus)

Reflection on the Released TikTok Two-Factor Bypass Report

Background: Recently, a report was disclosed about bypassing TikTok’s two-factor authentication. The method used is quite interesting and unique; attackers repeatedly request login attempts. If the two-factor authentication pops up, they simply return to the username and password page and try again until it is no longer required. Reflection: TikTok official explained it asContinue reading “Reflection on the Released TikTok Two-Factor Bypass Report”

XSS Trick – Priority

I found an interesting example today where the double quote is banned inside of the value parameter. Typically there is no solution to this because attackers are not able to escape the double quotes, and therefore everything will be the value including brackets. I.E. the following form is not working However, the situation gets dramaticallyContinue reading “XSS Trick – Priority”

New Domain – New Blog

The previous blog was abandoned because too many casual notes were there. Also, only a small number of articles will be imported because it is a freash new start for 2023!