CVE-2026-44590: RCE via pull_request_target Injection > Supply Chain Compromise in Sherlock

Sherlock is one of those tools anyone who does OSINT has used at least once. You give it a username and it checks whether that identity exists across 400+ social networks and registration platforms. It is straightforward, fast, written in Python, and has a huge community: at the time of writing the official repository sits at around 83,000 stars on GitHub with hundreds of contributors. To give an idea of the potential blast radius in case of compromise, I collected some public metrics at the time of writing: ...

Published on 07/05/2026 · 21 min · 4265 words · Astaruf

CVE-2026-42281: Unauthenticated SSRF in MagicMirror²

I have a Raspberry Pi collection that has slowly taken on a life of its own. Each model has its own project, and I periodically end up on YouTube looking for new ideas. That’s how I came across MagicMirror²: an open-source smart mirror that uses a Raspberry Pi to project a series of interactive dashboards, news, weather, calendar, and public transport schedules onto a two-way mirror monitor. The end result looks great, and the project has an active community of people building custom modules. ...

Published on 04/05/2026 · 13 min · 2753 words · Astaruf

CVE-2026-41653: Stored XSS > File Exfiltration in BentoPDF

One of the things I keep asking myself when I review source code is: “what is this application’s real attack surface?”. Not in the abstract sense (every application has attack surface), but in the concrete sense: if I get code execution here, what can I actually reach? What data moves through this thing, and where does it go? I found BentoPDF while working on a personal project. I was browsing GitHub looking for interesting open-source tools, stumbled across it, and thought: privacy-first, fully client-side PDF processor, WebAssembly, zero backend. Architecturally unusual. Worth a closer look. ...

Published on 29/04/2026 · 14 min · 2771 words · Astaruf

CVE-2026-40487: Arbitrary File Upload > Stored XSS > Account Takeover in Postiz

After obtaining my OSWE, I started appreciating white box analysis much more. So every now and then I pick an open-source project I like, analyze the source code, try to understand how it works, and when I come across critical functions I ask myself: “what if this didn’t work as expected?”. Today I’ll tell you how I discovered this Arbitrary File Upload via MIME-type spoofing that led to a Stored XSS in Postiz, an open-source social media management tool with over 600 instances exposed on the internet. The vulnerability allows an attacker to act as the victim: steal API keys, exfiltrate tokens from all connected social integrations (Instagram, X, LinkedIn, Facebook, TikTok and 23 other providers), publish and delete posts on their behalf, and create persistent OAuth backdoors that survive password changes. ...

Published on 16/04/2026 · 10 min · 2090 words · Astaruf

CVE-2022-44023: Username Enumeration via Response Messages in PwnDoc

PwnDoc up to version 0.5.3 allows remote attackers to identify disabled account usernames by exploiting response messages during authentication attempts.

Product: PwnDoc · CVE: CVE-2022-44023 · CVSSv3 Score: 5.3 (Medium) · CWE: CWE-307

Exploitation Steps

This vulnerability allows username enumeration of disabled accounts in PwnDoc (tested on version 0.5.3 - 2022-07-19) by observing server responses to login attempts. Example Scenario: Suppose the following users were registered and subsequently disabled in PwnDoc: ...

Published on 29/10/2022 · 1 min · 199 words · Astaruf

CVE-2022-44022: Username Enumeration via Response Timing in PwnDoc

PwnDoc up to version 0.5.3 allows remote attackers to identify valid usernames by exploiting response timings during authentication attempts.

Product: PwnDoc · CVE: CVE-2022-44022 · CVSSv3 Score: 5.3 (Medium) · CWE: CWE-307

Exploitation Steps

This vulnerability allows username enumeration in PwnDoc (tested on version 0.5.3 - 2022-07-19 and earlier) by observing web server response timings during login attempts. Example Scenario: Suppose the following users are registered in PwnDoc: ...

Published on 29/10/2022 · 1 min · 107 words · Astaruf

CVE-2020-13654 - My First CVE: XSS > CSRF > Privesc to ADMIN

Finding your first CVE is one of those things that stays with you. Not so much for the assigned number, which is ultimately just an identifier in a database, but for the process: the moment you realize the bug is real, that nobody has reported it before you, and that you have the responsibility to handle it correctly. I’m telling this story in this post from start to finish: the discovery, the exploit, and finally the responsible disclosure process with MITRE. ...

Published on 30/12/2020 · 10 min · 2110 words · Astaruf