Tales from the hunt: Adminer in the wild

In an earlier post I walked through a cool SSRF vulnerability related to the ES plugin affecting later versions of Adminer. In much older versions it used to be possible to perform port scans using the standard MySQL plugin - and best of all it required no extra effort, everything…

CVE-2021-28940 - MagpieRSS - XSS, SSRF, and RCE

This bug is an oldie, but one that is still about if you know where to look. It holds a special place in my heart as it was the first RCE I'd found on Synack; the fact it got rejected for being a duplicate doesn't matter!…

CVE-2024-23897 - Jenkins - Arbitrary File Read

Earlier this year CVE-2024-23897 was disclosed, but I think I may have missed it during the new year and changing jobs. It was only when doing some hunting on Synack and doing some high-level scanning that I found out about it, and when I had found it and tried…

CVE-2023-22515 - Confluence - Broken Access Control

Late last year this vulnerability led to the compromise of several on-premise installs of Atlassian Confluence. CVE-2023-22515 is scarily simple to exploit and is the result of certain requests sent to the server being trusted if they contained a certain header. With this it was then possible to re-run part…

Tales from the hunt: A "fun" SQL Injection without sqlmap

On the weekend, I came across an interesting SQL injection vulnerability whilst researching on a financing related website. I expected the website to have vulnerabilities, as I'd earlier found an IDOR that allowed for the read/write of contacts who'd receive emails across accounts, but I…

CVE-2021-21311 - Adminer - SSRF

If you've been around web application penetration testing, it's pretty likely you'll know or have heard about Adminer. Adminer is a very convenient and easy-to-use open-source database management tool; it allows an administrator to connect to the specified DBMS, run queries…

CVE-2024-20767 - Adobe ColdFusion - Improper Access Control

After seeing the recent CVE-2024-20767 relating to Improper Access Control in Adobe ColdFusion, I wanted to better understand how it worked. From my experiences on Synack, ColdFusion is still pretty out there in the wild and often quite out of date. I was unable to find too much information on…