
Toufik Airane toufik-airane

@mathysEthical
mathysEthical / cookie-encrypter.md
Last active December 13, 2024 23:09
cookie-encrypted bit flip attack.
@win3zz
win3zz / ServiceNow_Sensitive_Info_Exposure.md
Last active November 29, 2024 08:23
ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

ServiceNow Instance Exposing Sensitive Information via Unauthenticated Endpoints

  • Date: 26 June 2023
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • Discovered by: Bipin Jitiya (@win3zz)

Summary

[REDACTED], Inc., uses ServiceNow with an instance named "[REDACTED]" accessible at https://[REDACTED].service-now.com/. Upon reviewing this instance, I observed that it is not sufficiently hardened for security, and some endpoints are exposing sensitive information. The following three endpoints, designed for performance monitoring, logging, and troubleshooting purposes, are accessible without authentication:

@MerlinEgalite
MerlinEgalite / CreateSelfdestruct.sol
Last active May 26, 2023 06:24
Tornado Cash Governance Hack
pragma solidity >=0.8.0;
import "forge-std/Test.sol";
import "forge-std/console2.sol";
contract ContractA {
function destroy() public {
selfdestruct(payable(0));
}
@FLX-0x00
FLX-0x00 / pd_docker_pipeline.sh
Created October 13, 2021 13:17
projectdiscovery tools docker pipeline with domain name as input
#!/bin/bash
# first parameter is passed to subfinder as the target domain
docker pull projectdiscovery/nuclei
docker pull projectdiscovery/httpx
docker pull projectdiscovery/naabu
docker pull projectdiscovery/dnsx
docker pull projectdiscovery/subfinder
docker pull projectdiscovery/notify
@PaulSec
PaulSec / nuclei.sh
Created August 20, 2021 07:06
Nuclei bash script to automate discovery with httpx and scanning and store results in /tmp/nuclei/<date>/
#!/bin/bash
set -x
foo=`date +'%Y_%m_%d'`
database="/path/to/my/sql_app.db"
nucleitemplates="/path/to/my/nuclei-templates/"
cd $nucleitemplates
git pull
output_folder="/tmp/nuclei/$foo"
mkdir -p $output_folder
echo -e ".mode csv\n.out /tmp/nuclei/$foo/domains.csv\nselect domain from domain;" | sqlite3 $database
@fransr
fransr / logger.js
Last active August 6, 2022 06:36
logger.js for hunting script gadgets. More info about script gadgets: https://github.com/google/security-research-pocs/tree/master/script-gadgets (Sebastian Lekies / Eduardo Vela Nava / Krzysztof Kotowicz)
var logger = console.trace;
// ELEMENT
;(getElementByIdCopy => {
Element.prototype.getElementById = function(q) {
logger('getElementById', q, this, this.innerHTML);
return Reflect.apply(getElementByIdCopy, this, [q])
}
})(Element.prototype.getElementById)

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently, from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, and security advisories were not published. All payloads are processed in the context of NT AUTHORITY\SYSTEM.

@toufik-airane
toufik-airane / content_discovery.txt
Last active November 30, 2023 17:14
content_discovery.txt
defaults.env
release.zip
js/config.js
js/credentials.js
js/secrets.js
js/keys.js
js/password.js
js/api_keys.js
js/auth_tokens.js
js/access_tokens.js
$Source = @"
using System;
using System.Runtime.InteropServices;
namespace ProcDump {
public static class DbgHelp {
[DllImport("Dbghelp.dll")]
public static extern bool MiniDumpWriteDump(IntPtr hProcess, uint ProcessId, IntPtr hFile, IntPtr DumpType, IntPtr ExceptionParam, IntPtr UserStreamParam, IntPtr CallbackParam);
}
}