Artsploit

get shell or die trying

Saturday, August 10, 2019

Apache Solr Injection @ DEFCON 27

https://github.com/veracode-research/solr-injection

A brand new vulnerability - Apache Solr Injection, as well as new ways to get RCE in this innocent-looking search engine.

Here are the whitepaper and the video from my presentation at DEFCON 27.

Posted by Michael Stepankin at 2:00:00 AM

Monday, February 25, 2019

Exploiting Spring Boot Actuators

https://www.veracode.com/blog/research/exploiting-spring-boot-actuators

I wrote this article while working at the Veracode Research team.

Posted by Michael Stepankin at 2:00:00 AM

Thursday, January 3, 2019

Exploiting JNDI Injections in Java

https://www.veracode.com/blog/research/exploiting-jndi-injections-java

I wrote this article while working at the Veracode Research team.

Posted by Michael Stepankin at 2:00:00 AM

Whoami

Michael Stepankin
@artsploit
artsploit [at] gmail.com
https://github.com/artsploit/ https://portswigger.net/research/michael-stepankin

Popular Posts

  • [demo.paypal.com] Node.js code injection (RCE)
    When I am trying to find vulnerabilities in web applications, I always perform fuzzing of all http parameters, and sometimes it gives me som...
  • [manager.paypal.com] Remote Code Execution Vulnerability
    In December 2015, I found a critical vulnerability in one of PayPal business websites ( manager.paypal.com ). It allowed me to exe...
  • 3 ways to get Remote Code Execution in Kafka UI
    When I first encountered Kafka UI, I was thrilled that such a dangerous functionality is exposed without authentication. After some time I d...
  • mTLS: When certificate authentication is done wrong
    https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/ In 2023 I spent some time researching x509 certificate au...
  • Hidden OAuth attack vectors
    https://portswigger.net/research/hidden-oauth-attack-vectors I wrote this article while working at the PortSwigger Research team.
  • Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
    https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 I wrote this article while working at the PortSwigger Rese...
  • Exploiting Spring Boot Actuators
    https://www.veracode.com/blog/research/exploiting-spring-boot-actuators I wrote this article while working at the Veracode Research team.
  • Exploiting JNDI Injections in Java
    https://www.veracode.com/blog/research/exploiting-jndi-injections-java I wrote this article while working at the Veracode Research team.
  • Spring View Manipulation Vulnerability
    https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability I wrote this article while working at the Veracode ...
  • Apache Solr Injection @ DEFCON 27
    https://github.com/veracode-research/solr-injection A brand new vulnerability -  Apache Solr Injection , as well as new ways to RCE in this ...
