Articles by myst404 (@myst404_)

Playing with GZIP: RCE in GLPI (CVE-2020-11060)

Published on Tue 12 May 2020 by myst404 (@myst404_)

GLPI is vulnerable to a Remote Code Execution (RCE) via the backup feature (CVE-2020-11060).

 

Multiple vulnerabilities in GLPI

Published on Tue 12 May 2020 by myst404 (@myst404_)

Multiple vulnerabilities affect GLPI (CVE-2020-5248, CVE-2020-11034, CVE-2020-11035, CVE-2020-11036 and CVE-2020-11062), including static key used to encrypt sensitive data, Open Redirect, and several XSS.

 

(Super) Magic Hashes

Published on Mon 07 October 2019 by myst404 (@myst404_)

Magic hashes are well known specific hashes used to exploit Type Juggling attacks in PHP. Combined with bcrypt limitations, we propose the concept of Super Magic Hashes. These hashes can detect 3 different vulnerabilities: type juggling, weak password storage and incorrect Bcrypt usage. A Go PoC found some MD5, SHA1 and SHA224 super magic hashes.