Menu

Home

got 0day?

This blog will cover my progress on various topics of my security research. I hope this blog will encourage you to do your own research and share it with the world for a better tomorrow.

DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)

TL;DR This vulnerability allows low privileged users to hijack file that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful »

The perfect SSO account takeover with Oracle OAM (CVE-2018-2739)

TL;DR This weakness allows us to bypass the URL filtering on the RH parameter which could be used to hijack the session of any user »

Windows Remote Assistance XXE vulnerability

Intro Windows Remote Assistance allows someone you trust take over your PC and fix a problem from anywhere around the world. It relies on the Remote »

SMBv3 Null Pointer Dereference vulnerability (CVE-2018-0833)

Table of contents Intro Root cause analysis Proof-of-Concept Intro Late last year while setting up a fuzzer to target the SMB protocol, I discovered a vulnerability »

Oracle OAM 10g Session Hijacking

Table of contents Intro Oracle OAM Authentication flow Hijacking the session Global Exposure Proof-of-Concept Webserver Script Proof-of-Concept Video Mitigation CVSS rating Intro TL;DR Badly configured »