Categories
CAN Injection

CAN Injection Attacks: A New Form of Vehicle Theft

The automotive cybersecurity field experienced a noteworthy development in 2023 when an automotive cybersecurity researcher reported that his Toyota RAV4 was hijacked and stolen using a novel theft technique known as CAN injection. It was an innovative yet simple technique that showcased how attackers adapt to modernized defenses against automotive threats. All that was […]

Categories
Security Research

[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM module
Date: 18/05/2020
CVE-ID: 2020-15779
Advisory: https://www.npmjs.com/advisories/1519
Author: Thomas Sermpinis
Versions: <= 2.0.31
Package URL: https://www.npmjs.com/package/socket.io-file
Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0
Proof of Concept: https://www.exploit-db.com/exploits/48713

During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]