FUN WITH LINUX

Decidim: Stored XSS in embedded URLs for Decidim Meetings

20 November 2024

Identifier: AIT-SA-20241114-01
Target: Decidim – The participatory democracy framework
Vendor: Decidim
Version: v0.28 including v0.28.2
CVE: CVE-2024-45594
Accessibility: Remote
Severity: High
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Decidim-Awesome: SQL Injection in AdminAccountability

20 November 2024

Identifier: AIT-SA-20241112-01
Target: decidim-module-decidim_awesome
Vendor: Decidim International Community Environment
Version: All versions including v0.11.1
CVE: CVE-2024-43415
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

AttackMate: A modern open source tool for automating cyberattacks

17 November 2024

attackmate logo

Automating attack chains is not only necessary for testing cybersecurity mechanisms, but also very practical for cybersecurity training and pentests. Most existing tools are not primarily concerned with making the attacks show up in the logs as if they had been carried out by a human attacker. AttackMate was written with the intention of performing realistic attacks and allows attacks to be chained across all phases of the kill chain. I wrote the tool as part of my work at the AIT, where we need realistic logs for anomaly detection. It is Free Open Source Software and available on GitHub.

BalCCon2k24 was amazing

24 September 2024

Lectern with the logo

This year was my first time at the BalCCon conference. This infosec event takes place in Serbia and is a community-oriented congress very similar to the CCC Congress in Germany. I felt very comfortable there right from the start. There were incredibly good talks and fantastic installations built by the community.

FIWARE Keyrock: Command Injection in Organisationname

12 August 2024

Identifier: AIT-SA-20240514-04
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42167
Accessibility: Remote
Severity: Critical (9.1)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

FIWARE Keyrock: Command Injection in Applicationname

12 August 2024

Identifier: AIT-SA-20240514-04
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42166
Accessibility: Remote
Severity: Critical (9.1)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

FIWARE Keyrock: Activation of any new user

12 August 2024

Identifier: AIT-SA-20240514-03
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42165
Accessibility: Remote
Severity: Medium (6.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

FIWARE Keyrock: Deactivate 2-factor-auth of any user

12 August 2024

Identifier: AIT-SA-20240514-02
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42164
Accessibility: Remote
Severity: Medium (4.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

FIWARE Keyrock: Manipulate passwords of any user

12 August 2024

Identifier: AIT-SA-20240514-01
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42163
Accessibility: Remote
Severity: Medium (8.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Contributing a Metasploit Exploit

12 November 2023

Metasploit Logo

One of my daily tasks is to create testbeds for testing defense mechanisms. As a result, I am constantly watching for vulnerabilities that I could use in such testbeds. In February 2023, someone discovered a vulnerability in the open-source surveillance software “Zoneminder”. It was a command injection vulnerability that an unauthorized attacker could trigger. Since there was only an advisory on GitHub without any proof-of-concept code, I created an exploit and contributed it to Metasploit. I learned a lot about developing modules for the Metasploit framework, and this article summarizes my experiences. To give Zoneminder administrators enough time to patch their systems, I waited more than seven months after the release of a patched version of Zoneminder before publishing this exploit.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti