Artsploit

get shell or die trying

Saturday, August 10, 2019

Apache Solr Injection @ DEFCON 27

https://github.com/veracode-research/solr-injection

A brand new vulnerability - Apache Solr Injection, as well as new ways to RCE in this innocent looking search engine. 

Here is the whitepaper and the video from my presentation at DEFCON 27.

Posted by Michael Stepankin at 2:00:00 AM
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest

Monday, February 25, 2019

Exploiting Spring Boot Actuators

https://www.veracode.com/blog/research/exploiting-spring-boot-actuators

I wrote this article while working at the Veracode Research team.

Posted by Michael Stepankin at 2:00:00 AM
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest

Thursday, January 3, 2019

Exploiting JNDI Injections in Java

https://www.veracode.com/blog/research/exploiting-jndi-injections-java

I wrote this article while working at the Veracode Research team.

Posted by Michael Stepankin at 2:00:00 AM
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest
Newer Posts Older Posts Home
Subscribe to: Posts (Atom)

Whoami

Michael Stepankin
@artsploit
artsploit [at] gmail.com
https://github.com/artsploit/ https://portswigger.net/research/michael-stepankin

Popular Posts

  • [demo.paypal.com] Node.js code injection (RCE)
    When I am trying to find vulnerabilities in web applications, I always perform fuzzing of all http parameters, and sometimes it gives me som...
  • [manager.paypal.com] Remote Code Execution Vulnerability
    In December 2015, I found a critical vulnerability in one of PayPal business websites ( manager.paypal.com ). It allowed me to exe...
  • Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
    https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 I wrote this article while working at the PortSwigger Rese...
  • Spring View Manipulation Vulnerability
    https://www.veracode.com/blog/secure-development/spring-view-manipulation-vulnerability I wrote this article while working at the Veracode ...
  • Hidden OAuth attack vectors
    https://portswigger.net/research/hidden-oauth-attack-vectors I wrote this article while working at the PortSwigger Research team.
  • Exploiting JNDI Injections in Java
    https://www.veracode.com/blog/research/exploiting-jndi-injections-java I wrote this article while working at the Veracode Research team.
  • Apache Solr Injection @ DEFCON 27
    https://github.com/veracode-research/solr-injection A brand new vulnerability -  Apache Solr Injection , as well as new ways to RCE in this ...
  • Exploiting Spring Boot Actuators
    https://www.veracode.com/blog/research/exploiting-spring-boot-actuators I wrote this article while working at the Veracode Research team.

Blog Archive

  • ►  2021 (2)
    • ►  June (1)
    • ►  March (1)
  • ►  2020 (1)
    • ►  September (1)
  • ▼  2019 (3)
    • ▼  August (1)
      • Apache Solr Injection @ DEFCON 27
    • ►  February (1)
      • Exploiting Spring Boot Actuators
    • ►  January (1)
      • Exploiting JNDI Injections in Java
  • ►  2016 (2)
    • ►  August (1)
    • ►  January (1)

Labels

  • #bugbounty
  • #paypal
  • #RCE
Simple theme. Powered by Blogger.