🐳
Looking at your projects for Security Vulnerabilities.

Jonathan Leitschuh JLLeitschuh

CVE-2019-10779_GCHQ_Stroom_POC.md

GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.

Versions

  • Affected versions: < 5.5.12 & < 6.0.25
  • Patched versions: 5.5.12 & 6.0.25

POC

Launch Stroom and assign it a hostname like stroom.my-company.com, then log in.

CVE-2019-10769-README.md

Safer-Eval Sandbox Escape POC

safer-eval is a Node.js library that supposedly provides a 'safe' way to 'eval' untrusted JavaScript.

As the maintainer warns in the README:

Warning: The saferEval function may be harmful - so you are warned!

However, it is still used by various libraries to parse/execute untrusted code in such a way that there is an implied

CVE-2019-19389-Ktor-CWE-113.md
CVE Numbers.md
JLLeitschuh / How To Use GitHub Security Advisories.md
Last active Jul 14, 2020
An explanation of how to work with GitHub security advisories.

GitHub Security Advisories

If this is your first time using GitHub Security Advisories, please allow me to guide you through how they work.

Advisories are Private

As of September 17th, 2019, when advisories are published, the entire discussion within the advisory will not be made public. Any information you want to provide to the public should be included in the advisory body.

Updating an Advisory

Artifact Server HTTPS Only Annoucements.md

Artifact Server Announcements

This document captures the links to all of the different artifact server hosts that have announced they will be formally deprecating downloading dependencies over HTTP and will only support HTTPS starting in January 2020.


Want to take over the Java ecosystem? All you need is a MITM!

Maven Sonatype

JLLeitschuh / CVE-2019-15848.md
Last active Dec 29, 2019
Full POC for CVE-2019-15848

CVE-2019-15848: TeamCity XSS to Remote Code Execution

This POC demonstrates exploiting an XSS vulnerability in TeamCity that allows an attacker to achieve Remote Code Execution on a build agent if the victim has the ability to add steps to a CI job.

POC

The POC can be simplified to the following URL:

https://[domain.com]/project.html?projectId=[target_project_id]&tab=problems%27%7D)%3B%7D)()%3B[JS_PAYLOAD]</script><script>/*
permanent_zoom_and_ringcentral_server_remover.sh
# To prevent the vulnerable server from running on your machine
# (this does not impact Zoom functionality), run these two lines in your Terminal.
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
# (You may need to run these lines for each user on your machine.)
disable_video_by_default_for_zoom.sh
# For just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
# For all users on the machine
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1
JLLeitschuh / permanent_zoom_server_remover.sh
Created Jul 8, 2019
Permanently removes the Zoom localhost webserver and prevents it from being reinstalled in the future.
rm -rf ~/.zoomus
touch ~/.zoomus