Open Bug Bounty Blog

Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892

Posted on March 28, 2021March 30, 2021 by febin_rev

CloudMe 1.11.2 Buffer OverFlow – Exploit Development.

Hi,

This is Febin,

Twitter : febinrev

In this Post , I am gonna demonstrate windows Stack buffer overflow and exploit development in CloudMe 1.11.2 .

CloudMe is a cloud storage service. This buffer overflow vulnerability was patched and the exploit is released publicly in 2018 (CVE-2018–6892).

This is a Local Privilege Escalation Vulnerability

This demo will help guys who are preparing for OSCP or equivalent Certifications and also help guys (like me!) who wanna learn advanced hacking and exploit development. There are some executables/apps like “vulnserver” that are intentionally built to be vulnerable for educational purposes, but this is a real life application. So, basically we are developing a real exploit and attacking a real app.

Lets Go!

Sysadminotaur nº88

Posted on February 10, 2021February 10, 2021 by Renzi25031469

Higher Submissions Quality Standard

Posted on February 10, 2021 by Open Bug Bounty

Folks,

We are happy to be included into the top 5 most promising bug bounty programs of 2021 by the TheHackerNews:

https://thehackernews.com/2021/02/top-5-bug-bounty-programs-to-watch-in.html

The recognition, however, comes with the responsibility – an inalienable part of our project. During the last days we received several complaints about automated submissions of irrelevant findings such as WordPress XMMRPC file existence. The value of such submissions for website owners is at least questionable.

Therefore, as of today, all CWE-200 submissions without practical value – including phpinfo pages – will be rejected and deleted. You may still submit them within the scope of the running bug bounty programs – if the website owner expressly marked that s/he wishes to get such submissions.

We also remind that the purpose of our project is quality of the submissions, not their quantity. All usage of automated tools will lead to account suspension – let’s bring value to the website owners and suitably support their efforts to secure their websites!

How to bypass mod_security (WAF)

Posted on December 25, 2020January 8, 2021 by _Y000_

Hello, this time I would like to share with you how to evade the WAF mod_security.

Looking for vulnerable pages I came across a website that, after spending a little time on it, I realized that it could be vulnerable to sql injections, then I realized that it was “protected” with mod_security and decided to see if I could skip the waf.

I share how I did it …

sql injection to bypass Mod_Security

Posted on December 10, 2020January 8, 2021 by _Y000_

sql injection + bypass Mod_Security

/*!50000un0x696fn*/+/*!12345AlL*/(/*!50000se0x6c65ct*/+1)

/*!50000%75%6e%69on*/ %73%65%6cect 1

/*!12345UnioN*//**/(/*!12345seLECT*//**/1)

/*!12345#qa%0A#%0AUnIOn*/(/*!12345#qa%0A#%0ASeleCt*//**/1)

Create encoded sql payloads

Posted on December 10, 2020December 10, 2020 by _Y000_

In this part I would like to give an example of how to create an encoded payload. First we are going to define the payload that we want to encode: union select 1,2,3,concat(table_name),5 from information_schema.tables table_schema = database() this case we are using the payload without any coding, but we have more ways to declare…

Bypass Addslashes using Multibyte Character

Posted on October 26, 2020 by _r00t1ng_

I beleive this tutorial is nother unique or new as compared to other tutorials on Securityidiots. Tutorial related to Addslash bypass can be found easily, but as we are trying to make securityidiots a portal having every shit about SQLi. So this too is worth posting 🙂 . Lets Start Our Tutorial With Little Bit…

One Payload to Inject them all – MultiQuery Injection

Posted on October 26, 2020 by _r00t1ng_

Hey, everyone here we are with yet another tutorial on SQLi, this one may not be very new but i am very sure many of the readers of securityidiots will enjoy reading the tutorial and learning something new with it. In this tutorial we ll learn Multiquery Injection, the injection which is many times misinterpreted…

Routed SQL Injection

Posted on October 26, 2020October 26, 2020 by _r00t1ng_

Routed SQL Injection may sound a little bit different or tough for many of the injector being a new concept which confuse many of the injectors. Routed SQL injection is a situation where the injectable query is not the one which gives output but the output of injectable query goes to the query which gives…

DIOS the SQL Injectors Weapon

Posted on October 26, 2020 by _r00t1ng_

In this Post we will only know DIOS a little more and introduce some different and new flavors of DIOS. USAGE FOR ALL DIOS: Just put the code in place of vulnerable column and see the magic As most of you have seen this one the first DIOS: Above is a Awesome Piece of code…

← Newer posts Older posts →

Open Bug Bounty Blog | page 2

CloudMe 1.11.2 Buffer OverFlow – Exploit Development.

Lets Go!