Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018-6892

CloudMe 1.11.2 Buffer OverFlow – Exploit Development.



This is Febin,

Twitter: febinrev

In this post, I am gonna demonstrate a Windows stack buffer overflow and exploit development in CloudMe 1.11.2.

CloudMe is a cloud storage service. This buffer overflow vulnerability was patched and the exploit was released publicly in 2018 (CVE-2018-6892).

This is a Local Privilege Escalation Vulnerability.

This demo will help guys who are preparing for OSCP or equivalent Certifications and also help guys (like me!) who wanna learn advanced hacking and exploit development. There are some executables/apps like “vulnserver” that are intentionally built to be vulnerable for educational purposes, but this is a real life application. So, basically we are developing a real exploit and attacking a real app.

Let's Go!

How to bypass mod_security (WAF)

Hello, this time I would like to share with you how to evade the WAF mod_security.

Looking for vulnerable pages, I came across a website that, after spending a little time on it, I realized could be vulnerable to SQL injection. Then I realized that it was “protected” with mod_security and decided to see if I could skip the WAF.

I share how I did it …

sql injection to bypass Mod_Security

sql injection + bypass Mod_Security


/*!50000%75%6e%69on*/ %73%65%6cect 1



Create encoded sql payloads

In this part I would like to give an example of how to create an encoded payload. First we are going to define the payload that we want to encode: union select 1,2,3,concat(table_name),5 from information_schema.tables table_schema = database(). In this case we are using the payload without any coding, but we have more ways to declare…

Bypass Addslashes using Multibyte Character

I believe this tutorial is neither unique nor new as compared to other tutorials on Securityidiots. Tutorials related to Addslashes bypass can be found easily, but we are trying to make securityidiots a portal having every shit about SQLi, so this too is worth posting 🙂. Let's Start Our Tutorial With Little Bit…

Routed SQL Injection

Routed SQL Injection may sound a little bit different or tough for many of the injectors, being a new concept which confuses many of the injectors. Routed SQL injection is a situation where the injectable query is not the one which gives output but the output of injectable query goes to the query which gives…

DIOS the SQL Injectors Weapon

In this post we will only know DIOS a little more and introduce some different and new flavors of DIOS. USAGE FOR ALL DIOS: Just put the code in place of the vulnerable column and see the magic. As most of you have seen this one, the first DIOS: Above is an Awesome Piece of code…

How to find AngularJS XSS

Have you ever heard about publicwww? It’s a search engine for source code. So publicwww will find any alphanumeric snippet, signature or keyword in the web pages' HTML, JS and CSS code. They have this list that you can search for: Advertising, Marketing, Analytics, Technologies, Frontend, Widgets, CMS. You can find it here. They also have plans and pricing if…