Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)

We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to wake up now - we’re back, it’s all on fire,

watchTowr Labs
291: AWS, GCP and Azure eat KRO Are abandoned S3 buckets a problem? watchTowr Labs seems to think so… although Jonathan isn’t convinced. Join us for episode 291, as The Cloud Pod crew turns into a digital Goodwill. #watchTowr #thecloudpod #s3buckets https://www.thecloudpod.net/?p=20998
291: AWS, GCP And Azure Eat KRO

Episode 291 of The Cloud Pod podcast, bringing you all the latest Cloud and AI news from AWS, Oracle, GCP, Azure, OpenAI, DeepSeek, Kro, and Deep Research

The Cloud Pod
Research shows risks of abandoned AWS S3 buckets as a cyberattack vector

Recent research has shown that abandoned AWS S3 buckets pose a major risk for cyberattacks. This vulnerability can easily be exploited

Tech Nieuws

The story of how security researchers could have taken over government infrastructure and more – with other people's hands

We have written more than once that security professionals should verify the tools they use with due care. Recently this topic came up again when discussing the case of the linpeas.sh domain. Today we will once more draw lessons from other people's mistakes, and the laboratory example will not be pentesters but black hats. However, the moral that follows from...

#WBiegu #Backdoor #Watchtowr #Websec

https://sekurak.pl/historia-o-tym-jak-badacze-bezpieczenstwa-mogli-przejac-infrastrukture-rzadowa-i-nie-tylko-cudzymi-rekami/

Sekurak

"We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI" -- watchTowr Labs

Quite alarming how little this field seems to have been researched. And bigger registrars are using hardcoded, outdated WHOIS server addresses... Yikes!

Happy to hear that Let's Encrypt doesn't allow for validation of domains via WHOIS at least. But GlobalSign and others seemingly do...!

https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/

#watchtowr #labs #mobi #whois #rce #vulnerability #infosec #letsencrypt #ca #tls #ssl

We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI

Welcome back to another watchTowr Labs blog. Brace yourselves, this is one of our most astounding discoveries. Summary What started out as a bit of fun between colleagues while avoiding the Vegas heat and $20 bottles of water in our Black Hat hotel rooms - has now seemingly become a

watchTowr Labs
Rogue #WHOIS server gives researcher superpowers no one should ever have
.mobi top-level-domain managers changed the location of its WHOIS server. No one got the memo.
It’s not every day that a #security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land.
https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/ #DNS #watchTowr
Ars Technica

A recent security alert highlights a critical vulnerability in PHP that allows attackers to run malicious code on Windows servers. This issue stems from an oversight in PHP's handling of encoding conversions within Windows, specifically affecting servers running PHP in CGI mode. Attackers can exploit this by injecting specific character sequences, leading to arbitrary code execution on remote PHP servers. The vulnerability is particularly concerning due to its simplicity, the ease of exploitation, and the fact that popular platforms like XAMPP are vulnerable by default. Security experts recommend checking PHP servers for susceptibility and applying patches or mitigations promptly to prevent potential attacks.

https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

#cybersecurity #php #vulnerability #windows #server #cgi #xampp #patch #watchtowr

No Way, PHP Strikes Again! (CVE-2024-4577)

Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug

watchTowr Labs - Blog

[Translation] CVE-2024-4577: No Way, PHP Under Attack Again

Orange Tsai recently posted about "One of [his] PHP vulnerabilities, which affects XAMPP deployed with default settings", and we were curious to say a little about it. XAMPP is a very popular way for administrators and developers to deploy Apache, PHP and many other tools, and any bug that could be an RCE in a default installation of this bundle sounds very tempting. Where was the latest PHP vulnerability found? Read on.

https://habr.com/ru/articles/820409/

#CVE20244577 #CVE #PHP #phpcgi #xampp #rce #watchtowr #уязвимости #уязвимости_php #уязвимость

Хабр

watchTowr Labs discovered a significant vulnerability, CVE-2024-24919, in Check Point's CloudGuard Network Security appliances. This flaw allows attackers to perform an arbitrary file read operation, specifically targeting the shadow password file, which grants them the ability to read any file on the system if run as a superuser. The researchers demonstrated this by sending a crafted HTTP request to the device, resulting in the return of the shadow password file content. Despite the vendor's claim that the vulnerability only affects devices with username-and-password authentication enabled, the researchers found no clear reason for this limitation based on the code analysis. They also noted the vendor's remediation advice, suggesting placing the vulnerable device behind another hardened device, which they found amusing due to its impracticality.

The discovery process involved analyzing the decompiled code to identify paths that could lead to file traversal and reading operations. The researchers highlighted a particular string table comparison mechanism that, when manipulated, allowed them to specify a directory traversal path in their request. This led to the successful retrieval of the shadow password file, showcasing the potential impact of the vulnerability.

watchTowr Labs expressed concern over the vendor's downplaying of the severity of the bug, especially since it is already being exploited in the wild. They emphasized the importance of treating this as a full unauthenticated remote code execution (RCE) vulnerability and urged device administrators to update their systems immediately. The vendor, Check Point, has released a hotfix to address the issue, which administrators are advised to apply.

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

https://support.checkpoint.com/results/sk/sk182336

#cybersecurity #checkpoint #cloudguard #vulnerability #cve #rce #hotfix #update #watchtowr

Check Point - Wrong Check Point (CVE-2024-24919)

Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze. Check Point, for those unaware, is the vendor responsible for the 'CloudGuard

watchTowr Labs - Blog