Jace Powell p4lsec

## log4j.yara
rule log4j {
  meta:
    author = "Jace Powell"
    description = "Searches for references to Log4j.  Only used as a prelimiary/triage search, not a definitive result."
    creation_date = "10 Dec 2021"
  strings:
    $a = /log4j/ nocase ascii wide
  condition:
    any of them
}

## fish_hunt_fl.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                p4lsec
                / fish_hunt_fl.md
            
            
              Last active
              September 8, 2021 19:21
            
          
    Summary

An insecure, direct object reference vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.
Additionally, an insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.
Application

Software


'Fish|Hunt FL' iOS application, used to manage Florida hunting and fishing licenses.
	rule log4j {
	meta:
	author = "Jace Powell"
	description = "Searches for references to Log4j. Only used as a prelimiary/triage search, not a definitive result."
	creation_date = "10 Dec 2021"
	strings:
	$a = /log4j/ nocase ascii wide
	condition:
	any of them
	}