Posts

DirtyCred : CVE-2022-2588

A vulnerability in the Linux kernel that allows data to be overwritten in arbitrary read-only files. Since unprivileged processes can inject code into parent processes, this vulnerability can lead to privilege escalation. DirtyCred is a kernel exploit concept that abuses the heap memory reuse mechanism to obtain high privileges. This vulnerability is similar to the DirtyPipe vulnerability (CVE-2022-0847) impacting Linux kernel versions 5.8 and later. The attack includes 3 steps: 1. Free an in-use unprivileged credential. 2. Allocate privileged credentials in the freed memory slot by triggering a privileged userspace process such as su, mount, or sshd. 3. Operate as a privileged user. Exploit in action: 1. Log in to the vulnerable machine and check the kernel version with "uname -a" {The exploit works on most CentOS 8 kernels higher than linux-4.18.0-305.el8 and most Ubuntu 20 kernels higher than 5.4.0-87.98 and 5.11.0-37.41}. 2. Check the current user id and /etc/p

Unrestricted File Uploads

Uploading is the transmission of a file from one computer system to another, usually a larger computer system. For instance, a job portal would allow a user to upload a resume and certificates, whereas a banking website would allow a user to upload supporting documentation such as identity, address, and income proof. What is Unrestricted File Upload? If the file upload functionality is not properly designed, it can become dangerous. An attacker can take advantage of this functionality and upload executable code in formats such as PHP files, JavaScript, and .exe, which could attack client machines or the network through uploaded viruses, worms, or trojan horses. This is what is known as a file upload vulnerability. Types of File Upload Vulnerability: Local file upload vulnerability - A local file upload vulnerability is a vulnerability where an application allows a user to upload a malicious file directly, which is then executed. Remote file upload vulnerability - A remote file

XML Injection

XML injection is an attack technique used to manipulate or compromise the logic of an XML application or service. It allows an attacker to inject malicious and/or unexpected input that can break XML logic. Depending on the functionality and XML usage of an application, a successful XML injection may cause unauthorized access to resources and sensitive data disclosure. What is XML? ✔ XML stands for eXtensible Markup Language. ✔ It is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. It is designed to store and transport data. XML is extensible and hence can be tailored to the application. ✔ XML uses a tree-like structure (the XML tree structure) of tags and data, where tags can be user defined. To interpret XML data, an application needs an XML parser, also known as the XML processor. Example: An XML document is always descriptive and can be referred to as an XML tree structure. XML Entities: XML entiti

Formula Injection

What is Formula injection? 📌 Formula injection, also known as CSV Injection, occurs when an application exports dynamically constructed spreadsheet documents (for example .csv or .xls) which may contain untrusted user-supplied data. 📌 Upon opening the exported document, the recipient's spreadsheet program can interpret that untrusted data as formulas and execute them on the recipient's system. 📌 The attacker usually injects a malicious payload or formula into an input field. Once the data is exported and the file is opened, the spreadsheet application interprets and executes the malicious input, treating it as a standard macro. How does it happen? A spreadsheet program such as Microsoft Excel or LibreOffice Calc provides various built-in functions and formulas that can be used to perform data analysis. In the case of formula injection, any cell starting with a special character, e.g., " = ", " + ", " - ", or " @ "