FUN WITH LINUX

FIWARE Keyrock: Command Injection in Organisationname

12 August 2024

Identifier: AIT-SA-20240514-04
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42167
Accessibility: Remote
Severity: Critical (9.1)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
FIWARE Keyrock: Command Injection in Applicationname

12 August 2024

Identifier: AIT-SA-20240514-04
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42166
Accessibility: Remote
Severity: Critical (9.1)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
FIWARE Keyrock: Activation of any new user

12 August 2024

Identifier: AIT-SA-20240514-03
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42165
Accessibility: Remote
Severity: Medium (6.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
FIWARE Keyrock: Deactivate 2-factor-auth of any user

12 August 2024

Identifier: AIT-SA-20240514-02
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42164
Accessibility: Remote
Severity: Medium (4.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
FIWARE Keyrock: Manipulate passwords of any user

12 August 2024

Identifier: AIT-SA-20240514-01
Target: FIWARE Keyrock
Vendor: FIWARE
Version: all versions including 8.4
CVE: CVE-2024-42163
Accessibility: Remote
Severity: Medium (8.3)
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Contributing a Metasploit Exploit

12 November 2023


Part of my daily work is to create testbeds to test defense mechanisms. As a result, I am constantly watching for vulnerabilities that I could use in such testbeds. In February 2023, someone discovered a vulnerability in the open-source surveillance software “Zoneminder”. It was a command injection vulnerability that an unauthorized attacker could trigger. Since there was only an advisory on GitHub without any proof-of-concept code, I created an exploit and contributed it to Metasploit. I learned a lot about developing modules for the Metasploit framework, and this article summarizes my experiences. To give Zoneminder administrators enough time to patch their systems, I waited more than seven months after a patched version of Zoneminder was released before releasing this exploit.

Ninth Anniversary

7 November 2023

This is the ninth blog anniversary! Unbelievable!

Fireshonks 2022: Logrotten

2 January 2023


Due to the corona pandemic, the Chaos Communication Congress did not take place in 2022. Different hackerspaces created mini-events with talks and workshops instead. One of them was “Fireshonks 2022”, which was organized by “Remote Rhein-Ruhr Stage” and “Haecksen”. I had the honour to give a talk about Logrotten - It’s not a Bug. The full talk is online as a video stream and was held in German.
 

BSidesVienna 2022: Logrotten.

19 November 2022


BSides Vienna 2022 was a wonderful event. There were so many great talks and the location was beautiful. I gave a talk at BSides Vienna 2022 about my “logrotten” exploit and I think the hacker community liked it. Here is a short description of the talk:

SexyPolling SQL Injection

18 April 2022

Identifier: AIT-SA-20220208-01
Target: Sexy Polling (Joomla Extension)
Vendor: 2glux
Version: all versions below version 2.1.8
CVE: Not yet
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti