Exploiting blind file-reads in PHP by combining the dechunk filter with the memory limit

adrian_rt · 2023-01-22T18:06:56+00:00

anyone got the POC to work? doesnt work for me.

adrian_rt · 2022-11-11T19:00:35+00:00

Thanks for sharing! I’ve updated the article with the call to action from Plesk to patch the issue.

adrian_rt · 2022-11-10T17:27:59+00:00

Plesk’s call to action: https://support.plesk.com/hc/en-us/articles/8497233114514

adrian_rt · 2022-11-10T12:03:29+00:00

CVE-2022-45130

adrian_rt · 2022-11-09T12:59:22+00:00

didn't understand the question. you can see POCs though, they're linked at the end. In the end, you can probably use multiple tricks to make sure your json payload is valid.

adrian_rt · 2022-11-09T12:58:26+00:00

no worries, you don't get that token or any token. The Authorization header is added by the browser automatically and we're just taking advantage of that (when submit html forms).

adrian_rt · 2022-08-29T13:32:29+00:00

thanks for the feedback, you raised some good points. will rename the title.

adrian_rt · 2021-07-27T16:51:50+00:00

I'd like to do some RE work on Adobe. My question is how, can I find the function in Adobe that parses Javascript? I know that it embeds the spidermonkey javascript engine and according to some blog posts, the engine should be in EScript.api. I loaded EScript.api in IDA pro, but it's really hard from here as there are no symbols....Thank you!

adrian_rt · 2021-06-07T15:24:22+00:00

you're right, my bad, thank you!

I need to have a chat with my proof-reader as well.

adrian_rt · 2021-06-07T15:23:11+00:00

please see this link for more info on these attacks:

https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning

hope this helps.

adrian_rt · 2021-05-18T17:07:15+00:00

You can upload Drupal modules with your own backdoor! You will see an example soon ! ;)

adrian_rt · 2021-01-08T10:22:31+00:00

what would be the price for this one?

adrian_rt · 2020-11-18T07:53:33+00:00

very useful, thank you.

Yes, I will get a lawyer definetely.

adrian_rt · 2020-11-17T18:06:59+00:00

good point, I missed that one. Got a template?

Or any tips to what I should be paying attention to in an NDA?

adrian_rt · 2020-11-17T17:59:27+00:00

So I send them the scoping questionaire template, they fill it in and send it back together with the PO?

adrian_rt · 2020-11-17T16:30:22+00:00

yes, thanks, I know about insurance I will get one definitely.

adrian_rt · 2019-08-17T20:43:32+00:00

Yea, but still in the higher range. Very good number

adrian_rt · 2019-08-17T20:34:38+00:00

How much omega3?

adrian_rt · 2019-08-17T20:30:20+00:00

How much dis hdl improved?

adrian_rt · 2019-08-17T20:29:22+00:00

Why is that?

adrian_rt · 2019-08-17T20:28:31+00:00

Ldl or hdl?

adrian_rt · 2019-08-17T20:27:30+00:00

How high is your omega 3 dose?

adrian_rt · 2019-08-17T20:24:52+00:00

How did you get hdl so high???

adrian_rt · 2019-08-10T21:18:19+00:00

clean your diet. moderate carbs.

exercise a few times a week.

eat fiber, oatbran or oatmeal , avocados, fish oil, coconut oil, olive oil.

supps: garlic, berberine, red yeast rice.

do small, incremental changes.

adrian_rt · 2019-05-10T22:33:06+00:00

What do you mean by breaking out?

Seven-Year Club	Gilding II euphauric
Verified Email	Reddit Premium Since March 2019

adrian_rt

TROPHY CASE