Articles worth reading discovered last week:

# CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
🗞 https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

# Technical challenges with file formats - Speaker Deck
🗞 https://speakerdeck.com/ange/technical-challenges-with-file-formats

# I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Spaceraccoon's Blog
🗞 https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/

# GitHub - fransr/hot-jar-swapping-urlclassloader: Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
🗞 https://github.com/fransr/hot-jar-swapping-urlclassloader

#PentesterLabWeekly
