Lucene search

8067 matches found

Hacker One
added 2018/09/27 12:5 a.m., 31 views

h1-5411-CTF: H1-5411 CTF Write-up by erbbysam and ziot

@erbbysam and I recently set out to beat the latest CTF challenge hosted by HackerOne. Here is a write-up with the process we took from start to finish. The h1-5411 CTF begins with a tweet from HackerOne: https://twitter.com/Hacker0x01/status/1044974142150373378 This leads to a website...

AI score: 8.3
Exploits: 0

Packet Storm
added 2018/09/19 12:0 a.m., 1644 views

Moodle 3.x PHP Unserialize Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory. title: Remote Code Execution via PHP unserialize; product: Moodle - Open-source learning platform; vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...

AI score: 0.5, EPSS: 0.04425
Exploits: 3

0day.today
added 2018/09/19 12:0 a.m., 105 views

Moodle 3.x PHP Unserialize Remote Code Execution Exploit

Exploit for php platform in category web applications. title: Remote Code Execution via PHP unserialize; product: Moodle - Open-source learning platform; vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...

AI score: 0.1, EPSS: 0.04425
Exploits: 3

Patchstack
added 2018/09/01 12:0 a.m., 10 views

WordPress WooCommerce plugin <= 3.4.4 - Potential Object Injection vulnerability

According to WooCommerce, versions 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection, related to the WordPress 4.8.3 security release. Solution: Update the WordPress WooCommerce plugin to the latest available version, at least 3.4.5...

AI score: 4.2
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2018/08/30 9:49 a.m., 41 views

Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-1571 DESCRIPTION: IBM DB2 for Linux, UNIX and...

CVSS: 10, AI score: 0.6, EPSS: 0.26335
Exploits: 1, Affected Software: 1

WPVulnDB
added 2018/08/29 12:0 a.m., 22 views

WooCommerce <= 3.4.4 - Potential Object Injection

According to WooCommerce: "Versions 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection. This is related to the WordPress 4.8.3 security release. This issue can only be exploited by users who can edit attributes and should not be...

AI score: 2.9
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2018/08/22 12:0 a.m., 2 views

YesWiki PHP Object Injection Vulnerability

YesWiki is a Wiki system written in PHP. The system is primarily used to create and manage websites in a collaborative manner. A PHP object injection vulnerability exists in the deserialization process of user input parameters in the i18n.inc.php file in YesWiki cercopitheque beta 1 and earlier...

CVSS: 9.8, AI score: 9.6, EPSS: 0.02491
Exploits: 0, References: 1

NVD
added 2018/08/20 7:31 p.m., 18 views

CVE-2018-1000641

YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...

CVSS: 9.8, AI score: 9.6, EPSS: 0.02491
Exploits: 0, References: 2

OSV
added 2018/08/20 7:31 p.m., 3 views

CVE-2018-1000641

YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...

CVSS: 9.8, AI score: 5.9, EPSS: 0.02491
Exploits: 0, References: 2

Prion
added 2018/08/20 7:31 p.m., 12 views

Design/Logic Flaw

YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...

CVSS: 7.5, AI score: 9.5, EPSS: 0.02491
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/08/20 7:0 p.m., 21 views

CVE-2018-1000641

YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...

AI score: 9.6, EPSS: 0.02491
Exploits: 0, References: 2

CVE
added 2018/08/20 7:0 p.m., 36 views

CVE-2018-1000641

YesWiki contains a PHP Object Injection vulnerability in i18n.inc.php due to unserialising a user-supplied parameter. Affected versions are YesWiki

CVSS: 9.8, AI score: 9.4, EPSS: 0.02491
Exploits: 0, References: 2, Affected Software: 1

The Hacker News
added 2018/08/17 9:26 a.m., 124 views

New PHP Code Execution Attack Puts WordPress Sites at Risk

Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in the PHP programming language using functions previously considered low-risk. The new technique leaves hundreds of...

AI score: 0.7
Exploits: 0

ripstech
added 2018/08/14 10:0 a.m., 35 views

What is Phar Deserialization

Summary The security researcher Sam Thomas from Secarma found a new exploitation technique that can lead to critical PHP object injection vulnerabilities - without using the PHP function unserialize. The new technique was announced at the BlackHat USA conference in his talk Its a PHP...

AI score: 7.9
Exploits: 0

IBM Security Bulletins
added 2018/08/06 9:39 a.m., 26 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affects IBM Security Key Lifecycle Manager.

Summary There are multiple vulnerabilities in the IBM® Db2® that is shipped with IBM Security Key Lifecycle Manager. These issues were disclosed as part of the IBM® Db2® updates published. These may affect some configurations of IBM Security Key Lifecycle Manager. Vulnerability Details Please...

CVSS: 7.8, AI score: 1.2, EPSS: 0.01489
Exploits: 3, Affected Software: 1

Prion
added 2018/07/19 5:29 p.m., 17 views

Design/Logic Flaw

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

CVSS: 7.5, AI score: 7.6, EPSS: 0.04525
Exploits: 2, References: 5, Affected Software: 1

NVD
added 2018/07/19 5:29 p.m., 14 views

CVE-2014-2302

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

CVSS: 9.8, AI score: 9.6, EPSS: 0.04525
Exploits: 2, References: 5

Cvelist
added 2018/07/19 5:0 p.m., 23 views

CVE-2014-2302

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

AI score: 9.7, EPSS: 0.04525
Exploits: 2, References: 5

CVE
added 2018/07/19 5:0 p.m., 44 views

CVE-2014-2302

The CVE-2014-2302 entry is substantiated by multiple connected documents: webEdition CMS installer/online installer vulnerability leading to remote command execution via PHP object injection when the installer communicates with update.webedition.org. Affected versions include webEdition CMS befor...

CVSS: 9.8, AI score: 9.4, EPSS: 0.04525
Exploits: 2, References: 5, Affected Software: 1

Friends Of PHP
added 2018/07/16 5:29 p.m., 7 views

SS-2018-017: Possible PHP Object Injection via Multi-Value Field Extension

More info at https://www.silverstripe.org/download/security-releases/ss-2018-017/...

AI score: 7.2
Exploits: 0, Affected Software: 1