FUN WITH LINUX

BSidesVienna 2022: Logrotten.

19 November 2022

BSides Vienna 2022 was a wonderful event. There were so many great talks and the location was beautiful. I gave a talk at BSides Vienna 2022 about my “logrotten” exploit and I think the hacker community liked it. Here is a short description of the talk:

SexyPolling SQL Injection

18 April 2022

Identifier: AIT-SA-20220208-01
Target: Sexy Polling (Joomla Extension)
Vendor: 2glux
Version: all versions below version 2.1.8
CVE: Not yet
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Seventh Anniversary

7 November 2021

I started blogging seven years ago. My blog changed from: “I blog everything that comes into my mind” to “I write about things I do on my computer”. Sometimes it’s about some hardware-projects, sometimes it’s about Linux and in the last years it was a lot about security. I promise I will continue because I have much Fun With Linux.

ForkCMS PHP Object Injection (CVE-2020-24036)

2 March 2021

Identifier: AIT-SA-20210215-04
Target: ForkCMS
Vendor: ForkCMS
Version: all versions below version 5.8.3
CVE: CVE-2020-24036
Accessibility: Remote
Severity: Medium
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
QCubed Cross Site Scripting (CVE-2020-24912)

2 March 2021

Identifier: AIT-SA-20210215-03
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24912
Accessibility: Remote
Severity: High
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
QCubed SQL Injection (CVE-2020-24913)

2 March 2021

Identifier: AIT-SA-20210215-02
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24913
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
QCubed PHP Object Injection (CVE-2020-24914)

2 March 2021

Identifier: AIT-SA-20210215-01
Target: QCubed Framework
Vendor: QCubed
Version: all versions including 3.1.1
CVE: CVE-2020-24914
Accessibility: Remote
Severity: Critical
Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
Pimp my shell

27 February 2021

ZSH is an extraordinary shell. I wrote about that some years ago. In order to make the zsh a little bit more beautiful I prefer installing oh-my-zsh or Powerlevel10k. In this article I want to introduce some plugins I can’t live without anymore.

Refurbished Blog

5 February 2021

I started to write this blog in the year 2014 and I wrote about 270 articles since then. Even though the topics changed after time, the main topics are still Sysadmin, Programming, Security and HackADay. In the last years I experienced some serious issues with my blog software. Now I refurbished my blog. I am using a static site generator now, so this blog is static only. I had to give up my comment section for that. That’s very sad, but I hope to receive some mails instead. As with the previous design, I created the new one by myself and I kept it very simple and clean. I hope my readers like it.

How to build a music-box for children

2 January 2021

The Tonibox is a music player for children. They can simply place figures on the box and depending on the figure, a corresponding audio book is then played. I like this concept and since my child loves audio books, I am going to build such a box.

Note: I never had an original Tonibox in my hands. So I don’t know about its exact features and also don’t know how it really works. This article simply describes how I would build such a device.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti