Title: Improper Input Validation leads to buffer overflow in dlt-daemon
Date: 12/05/2021
CVE-ID: CVE-2021-29507
Author: Thomas Sermpinis
Versions: 2.10.0 < version <= 2.18.6
Package URL: https://github.com/GENIVI/dlt-daemon/
Tested on: dlt-daemon 2.18.6
The dlt-daemon's configuration file loading functionality (-c) is vulnerable to a buffer overflow, which allows a malicious user to supply a specially crafted configuration file which results […]
Category: Security Research
Title: File Type Restriction Bypass in Socket.io-file NPM module
Date: 31/07/2020
CVE-ID: 2020-24807
Advisory: https://github.com/advisories/GHSA-6495-8jvh-f28x
Author: Thomas Sermpinis
Versions: <= 2.0.31
Package URL: https://www.npmjs.com/package/socket.io-file
Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0
Proof of Concept: –
During some of our pentests, we face applications that are well secured with not so many misconfigurations. That means that we have to dig deeper, if the […]
This research was conducted in cooperation with WardenSec. This research was presented at QuBit Prague 2020. A video of the talk is available on YouTube. A description of the vulnerability in Czech is available here.
Introduction
The Czech government started issuing new electronic identity cards (further referred to by their Czech name, eObčanka) back in July 2018. Those shall […]
Check out CANdy demo
When I was offered to write a bachelor thesis on the topic of CAN bus message mapping, I had no idea how crucial and fascinating such an area actually is, and I would like to share with you what I learned and created during the past six months. First things first, […]
Title: Path Traversal in Socket.io-file NPM module
Date: 18/05/2020
CVE-ID: 2020-15779
Advisory: https://www.npmjs.com/advisories/1519
Author: Thomas Sermpinis
Versions: <= 2.0.31
Package URL: https://www.npmjs.com/package/socket.io-file
Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0
Proof of Concept: https://www.exploit-db.com/exploits/48713
During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]