微信打赏（Wechat Reward) Security Vulnerabilities

SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check...

Validator can fail to receive commission reward in redeemAllRewards

Handle jonah1005 Vulnerability details Impact Validator can fail to receive commission reward by calling redeemAllRewards. There's a check in redeemAllRewards uint128 rewards = sharesToTokens(s.shares, v.exchangeRate) - s.staked; require(rewards > 0, "Nothing to redeem"); The...

Epoch may rounded to zero in deposit depositRewardTokens and takeOutRewardTokens

Handle jonah1005 Vulnerability details division bias in deposit depositRewardTokens and takeOutRewardTokens Impact When the owner deposits reward into the contract, the remainder would not be counted. These dust tokens would be left in the contract. There's a similar issue in takeOutRewardTokens......

Comptroller rewards can be artificially inflated and drained by manipulating [totalStaked - totalFrozen] (or: wrong rewards calculation)

Handle kenzo Vulnerability details By adding a small of amount of staking to a normal user scenario, and not approving this small amount as a loan for anybody, a staker can gain disproportionate amounts of comptroller rewards, even to the point of draining the contract. For example: Stakers A,B,C.....

Users could lose funds if owner took out reward which is not multiplier of allocatedTokensPerEpoch

Handle xYrYuYx Vulnerability details Impact User could lost funds if owner take reward which is not multiplier of allocatedTokensPerEpoch. Proof of Concept This is my test case to proof this issue. This issue occur because of Line 104...

reward tokens could get lost due to rounding down

Handle gpersoon Vulnerability details Impact The function depositRewardTokens divides the "amount" of tokens by allocatedTokensPerEpoch to calculate the endEpoch. When "amount" isn't a multiple of allocatedTokensPerEpoch the result of the division will be rounded down, effectively losing a number.....

Unable to redeem rest funds if deposited reward is not multiplier of allocatedTokensPerEpoch

Handle xYrYuYx Vulnerability details Impact Owner will deposit any amount of reward if amount is greater than allocatedTokensPerEpoch. This means that it is possible that owner can sent amount which is not multiplier of allocatedTokensPerEpoch. For example, when allocatedTokensPerEpoch is 1 CQT,...

Incorrect updateGlobalExchangeRate implementation

Handle xYrYuYx Vulnerability details Impact UpdateGlobalExchangeRate has incorrect implementation when totalGlobalShares is zero. If any user didn't start stake, totalGlobalShares is 0, and every stake it will increase. but there is possibility that totalGlobalShares can be 0 amount later by...

Netnifty Internet behavior control system has arbitrary file download vulnerability

Ltd. was renamed from Lenovo Netcom Technology (Beijing) Co., Ltd. and its business covers network boundary security protection, application and data security protection, network-wide security risk management, professional security solutions and professional security services. An arbitrary file...

takeOutRewardTokens does not work correctly

Handle csanuragjain Vulnerability details Impact Owner will not be able to take out reward Proof of Concept Navigate to https://github.com/code-423n4/2021-10-covalent/blob/main/contracts/DelegatedStaking.sol Check the takeOutRewardTokens function function takeOutRewardTokens(uint128 amount)...

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...

CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...

CVE-2021-24615

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...

Cross site scripting

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...

CVE-2021-24615 Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting

The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perform Cross-Site Scripting...

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research...

Is Your Data Safe? Check Out Some Cybersecurity Master Classes

Since cybersecurity is definitely an issue that's here to stay, I've just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series. According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and...

Exploit for Vulnerability in D-Link Dcs-2530L Firmware

CVE-2020-25078 使用说明 instructions 攻击url放同一目录下 ip.txt The...

Inside Apple: How Apple’s attitude impacts security

Last week saw the fourth occurrence of the Objective by the Sea (OBTS) security conference, which is the only security conference to focus exclusively on Apple's ecosystem. As such, it draws many of the top minds in the field. This year, those minds, having been starved of a good security...

Wrong keeper reward computation

Handle cmichel Vulnerability details The PoolKeeper.keeperReward computation mixes WADs and Quads which leads to issues. Note that keeperTip returns values where 1 = 1%, and 100 = 100%, the same way BASE_TIP = 5 = 5%. Thus _tipPercent = ABDKMathQuad.fromUInt(keeperTip) is a Quad value of this...

Guide: How to Hack API in 60 minutes or API Threats Simulation with Open-Source Tools

What is API? API is the abbreviation for Application Programming Interface, which is a product middle person that permits two applications to converse with one another. Useful link: Api security tutorial for beginners and professionals What Is API Testing: Benefits, Types, How To Start ‍OpenAPI...

MetInfo is vulnerable to SQL injection (CNVD-2021-81488)

MetInfo is an open source, free CMS website builder for businesses.MetInfo is vulnerable to SQL injection. An attacker can use the vulnerability to obtain sensitive database...

CVE-2021-40832

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...

CVE-2021-33603

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....

CVE-2021-40832

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...

CVE-2021-33603

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....

Denial of service

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....

Denial of service

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...

CVE-2021-40832 Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in...

CVE-2021-33603 Denial-of-Service (DoS) Vulnerability

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS).....

Users cannot receive rewards from ConcentratedLiquidityPoolManager if their liquidity is too large

Handle broccoli Vulnerability details Impact There could be an integer underflow error when the reward of an incentive is claimed, forcing users to wait for a sufficient period or reduce their liquidity to claim the rewards. Proof of Concept The unclaimed reward that a user could claim is...

Wrong reward calculation

Handle 0xsanson Vulnerability details Impact In ConcentratedLiquidityPoolManager, an user can claimReward of a subscribed position. In order to compute the correct amount, secondsUnclaimed needs to be calculated, but it's implemented incorrectly: uint256 secondsUnclaimed = (maxTime -...

Cannot claim reward

Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager.claimReward requires stake.initialized but it is never set. It also performs a strange computation as 128 - incentive.secondsClaimed which will almost always underflow and revert the transaction. Impact One cannot claim...

Integer underflow error in claimReward of ConcentratedLiquidityPoolManager

Handle broccoli Vulnerability details Impact The claimReward function of ConcentratedLiquidityPoolManager calculates the secondsUnclaimed variable using a formula with an unclear intention: uint256 secondsUnclaimed = (maxTime - incentive.startTime) &lt;&lt; (128 - incentive.secondsClaimed); This...

ConcentratedLiquidityPoolManager uses wrong index for incentive

Handle cmichel Vulnerability details The ConcentratedLiquidityPoolManager uses the positionId as an index for incentives[pool][positionId] when it should be incentiveId instead: // @audit should be Incentive memory incentive = incentives[pool][incentiveId]; Incentive memory incentive =...

Compound DeFi Platform Gives Out $90M

Compound, an Ethereum-based decentralized finance (DeFi) platform, accidentally gave out $90 million to its users in a botched upgrade. Now, the owners would appreciate it if they gave it back. Compound might even be willing to throw in a 10 percent “reward,” it said. On the flip side, those who...

Incentivizing Developers is the Key to Better Security Practices

Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this seachange if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications,.....

Exploit for Improper Input Validation in Cisco Application Extension Platform

Cisco RV110W UPnP 0day 分析 前言 最近UPnP比较火，恰好手里有一台Cisco...

HybridPool's flashSwap gives the total fee to barFeeTo

Handle 0xsanson Vulnerability details Impact In HybridPool's flashSwap function there's a transfer to barFeeTo _transfer(tokenIn, fee, barFeeTo, false); Here fee = (amountIn * swapFee) / MAX_FEE is the total swap fee. However it should transfer out only a fraction of it (barFee/MAX_FEE) otherwise.....

HybridPool's flashSwap gives the total fee to barFeeTo

Handle 0xsanson Vulnerability details Impact In HybridPool's flashSwap function there's a transfer to barFeeTo _transfer(tokenIn, fee, barFeeTo, false); Here fee = (amountIn * swapFee) / MAX_FEE is the total swap fee. However it should transfer out only a fraction of it (barFee/MAX_FEE) otherwise.....

CVE-2021-33600

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...

CVE-2021-33600

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...

CVE-2021-33601

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...

CVE-2021-33601

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...

Design/Logic Flaw

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...

Code injection

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...

CVE-2021-33601 Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper

A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper...

CVE-2021-33600 Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by...

Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts

In an unprecedented move, the federal government has sanctioned a cryptocurrency exchange for laundering ransom transactions for cybercriminals and helping them evade law-enforcement activity. As part of its continued hardline against ransomware attacks, the U.S. Department of Treasury has...