Artsploit

get shell or die trying

Tuesday, June 29, 2021

Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464

I wrote this article while working at the PortSwigger Research team.

Posted by Michael Stepankin at 3:23:00 AM

Whoami

Michael Stepankin
@artsploit
artsploit [at] gmail.com
https://github.com/artsploit/ https://portswigger.net/research/michael-stepankin
