FUN WITH LINUX

Contributing a Metasploit Exploit

12 November 2023

One of my daily tasks is to create testbeds to test defense mechanisms. As a result, I am constantly watching for vulnerabilities that I could use in such testbeds. In February 2023, someone discovered a vulnerability in the open-source surveillance software “ZoneMinder”. It was a command injection vulnerability that an unauthorized attacker could trigger. Since there was only an advisory on GitHub without any proof-of-concept code, I created an exploit and contributed it to Metasploit. I learned a lot about developing modules for the Metasploit framework, and this article summarizes my experiences. To give ZoneMinder administrators enough time to patch their systems, I waited more than seven months after the release of a patched version of ZoneMinder before releasing this exploit.

Ninth Anniversary

7 November 2023

This is the ninth blog anniversary! Unbelievable!

Fireshonks 2022: Logrotten

2 January 2023

Due to the corona pandemic, the Chaos Communication Congress did not take place in 2022. Different hackerspaces created mini-events with talks and workshops instead. One of them was “Fireshonks 2022”, which was organized by “Remote Rhein-Ruhr Stage” and “Haecksen”. I had the honour to give a talk about “Logrotten - It’s not a Bug”. The full talk is online as a video stream and was held in German.
 

BSidesVienna 2022: Logrotten.

19 November 2022

BSides Vienna 2022 was a wonderful event. There were so many great talks and the location was beautiful. I gave a talk at BSides Vienna 2022 about my “logrotten” exploit, and I think the hacker community liked it. Here is a short description of the talk:

SexyPolling SQL Injection

18 April 2022

Identifier: AIT-SA-20220208-01
Target: Sexy Polling (Joomla Extension)
Vendor: 2glux
Version: all versions below version 2.1.8
CVE: Not yet
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Seventh Anniversary

7 November 2021

I started blogging seven years ago. My blog changed from “I blog everything that comes into my mind” to “I write about things I do on my computer”. Sometimes it’s about some hardware projects, sometimes it’s about Linux, and in recent years it was a lot about security. I promise I will continue because I have much Fun With Linux.

ForkCMS PHP Object Injection (CVE-2020-24036)

2 March 2021

Identifier: AIT-SA-20210215-04
Target: ForkCMS
Vendor: ForkCMS
Version: all versions below version 5.8.3
CVE: CVE-2020-24036
Accessibility: Remote
Severity: Medium
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

QCubed Cross Site Scripting (CVE-2020-24912)

2 March 2021

Identifier: AIT-SA-20210215-03
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24912
Accessibility: Remote
Severity: High
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

QCubed SQL Injection (CVE-2020-24913)

2 March 2021

Identifier: AIT-SA-20210215-02
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24913
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

QCubed PHP Object Injection (CVE-2020-24914)

2 March 2021

Identifier: AIT-SA-20210215-01
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24914
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti