-
Recent Posts
- Weaponizing AMSI bypass with PowerShell
- CVE-2019-15305 – CVE-2019-15309 Several Security Vulnerabilities in “Innosoft Einsatzplanung Web” Version 5.2q4
- Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
- Comprehensive data leakage via Google Groups
- Pingsweep with Windows CLI
Tag Archives: security
Weaponizing AMSI bypass with PowerShell
Introduction The Windows Antimalware Scan Interface (AMSI) is a versatile interface standard that allows applications and services to integrate with any antimalware product that’s present on a machine. You can find more information on it here: https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal. A while ago … Continue reading
Posted in Researching, Windows, Write-Up
Tagged amsi, bypass, exploitation, hacking, Powershell, security
Comments Off on Weaponizing AMSI bypass with PowerShell
Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]
During a recent webapplication testing I decided to perform some fuzzing of certain paths within the URI of a CMS and happened to find a potential SSTI (server side template injection) within one of the CMS’ plugins which I then … Continue reading
Posted in Researching, Webapplication security, Write-Up
Tagged bugbounty, bughunting, cve, cve-2018-14716, exploit, exploitation, exploitdb, hacking, information disclosure, security, server side template injection, ssti, vulnerability, webapplication
Comments Off on Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=3.1.3 [CVE-2018-14716]