load without any analysis (file header at offset 0x0): r2 -n /path/to/file
- analyze all:
aa - show sections:
iS - list functions:
afl - list imports:
ii - list entrypoints:
ie - seek to function:
s sym.main
Naretena A. 6en6ar
6en6ar
/ gist:a4977866c59cbcfc716f0f2717b812bf
Created
April 29, 2024 10:38
Public disclosure for a security issue inside s3-url-parser library
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Product: https://www.npmjs.com/package/s3-url-parser | |
| Version: 1.0.3 | |
| Vulnerability type: Denial of Service | |
| CVE ID: CVE-2024-25355 | |
| The regexes defined on lines 7. , 17. and 27. inside https://github.com/AntonioRecaldeRusso/s3-url-parser/blob/master/index.js | |
| are vulnerable to regex denial of service when a long input is provided resulting in a crash. | |
| I've managed to reproduce it with this code: | |
| import s3ParseUrl from 's3-url-parser'; |
6en6ar
/ gist:c3b11b4058b8e2bc54717408d451fb79
Last active
March 20, 2024 07:41
Security issue in domain-suffix
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Product: https://www.npmjs.com/package/domain-suffix | |
| Version: 1.0.8 | |
| Vulnerability type: Denial of Service | |
| CVE ID: CVE-2024-25354 | |
| The regex defined on line 28. inside https://github.com/ikrong/domain-suffix/blob/master/src/domainSuffix.ts | |
| is vulnerable to Regex Denial of Service. When a long string is provided to the application without specifying "/" character | |
| the function parse will be stuck for indefinite amount of time, in this case 10 seconds, but this can be | |
| amplified if more characters are added. | |
| PoC code: |
6en6ar
/ gist:c792d8337b63f095cbda907e834cb4ba
Created
February 14, 2024 22:36
Security issue inside urlite through version v.3.1.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| A regex defined on line 1. inside https://github.com/alanclarke/urlite/blob/master/lib/pattern.js inside npm package "Urlite" | |
| (https://www.npmjs.com/package/urlite) is found to be vulnerable to Regex Denial of Service when malicious input containing a long regex input is | |
| provided to the application that parses a URL. When a malicious payload is provided to the parsing | |
| function the application will hang for indefinite amount of time causing Denial of Service. | |
| If more requests are sent using the same payload it can result in | |
| Distributed Denial of service potentially rendering the service unavailable. | |
| Payload that was used: | |
| var payload ='//:' + '\t:\t'.repeat(90000)+ '\t' |
6en6ar
/ gist:7c2424c93e7fbf2b6fc44e7fb9acb95d
Last active
December 5, 2023 17:12
Security issue in regex inside git-urls package
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [NAME OF AFFECTED PRODUCT(S)] | |
| - https://pkg.go.dev/github.com/whilp/git-urls v1.0.0 | |
| [AFFECTED AND/OR FIXED VERSION(S)] | |
| - v1.0.0 | |
| - Status: not fixed | |
| [VULNERABILITY] |
6en6ar
/ gist:712a4c1eab0324f15e09232c77ea08f8
Created
October 19, 2023 19:43
Vulnerability inside the node-email-check npm package through version 1.0.4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The regex on line 10. inside https://github.com/teomantuncer/node-email-check/blob/main/main.js is vulnerable to a Regex Denial of Service | |
| if a malicious string is provided causing the application using the package to hang. | |
| Proof of concept code to test it: | |
| const emailCheck = require('node-email-check'); | |
| // async request with mx check | |
| //await emailCheck.isValid('example@email.com'); | |
| // sync request without mx check |
6en6ar
/ gist:b118888dc739e8979038f24c8ac33611
Created
June 20, 2023 22:39
Public disclosure of vulnerability inside the urlnorm crate through 0.1.4 for Rust
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Regex Denial of service in urlnorm package on https://crates.io/crates/urlnorm | |
| The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. | |
| The regex defined on line 37. in https://github.com/progscrape/urlnorm/blob/main/src/lib.rs used for trimming .html and other | |
| extensions when normalizing the url is vulnerable to a Regex Denial of Service when malicious input is provided. | |
| Poc Code: | |
| ''' | |
| use url::Url; |
6en6ar
/ yet another radare2 cheatsheet.md
Created
April 2, 2022 09:59
— forked from williballenthin/yet another radare2 cheatsheet.md