CTF Writeup: Complex Drupal POP Chain

29 Jan 2019 by Simon Scannell

Drupal

A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.

Read More

phpBB 3.2.3: Phar Deserialization to RCE

20 Nov 2018 by Simon Scannell
phpBB3 Phar Deserialization

A new PHP exploit technique affects the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and to take over the entire board.

Read More

What is PHP Object Injection

9 Oct 2018 by Simon Scannell

PHP Object Injections

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.

Read More

New PHP Exploitation Technique Added

14 Aug 2018 by Dr. Johannes Dahse

PHP Exploitation Technique

Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.

Read More

A Salesmans Code Execution: PrestaShop 1.7.2.4

7 May 2018 by Robin Peraglie

PrestaShop is an open-source e-commerce solution. With more than 270,000 running instances it is one of the top 10 most used content management systems in the Web. Additionally to the classical software download, PrestaShop Ready offers to rent an online shop and to get administrative access to pre-hosted PrestaShop instances. From the perspective of attackers these e-commerce systems are very attractive targets because thousands of customers enter sensitive payment information.

Our leading security analysis solution RIPS detected a highly critical PHP object injection vulnerability in PrestaShop that allows to execute arbitrary code on any installation with version <= 1.7.2.4. In this technical blog post we present the vulnerability and the exploitation technique that could have allowed attackers to compromise PrestaShop servers (CVE-2018-20717). This posed a serious risk for the PrestaShop Ready cloud. A fix was released and administrators of outdated PrestaShop installations are highly encouraged to update.

Read More