Sunday, 27 December 2015

Joomla CVE-2015-7857 writeup

(I wrote this as a 'note' on 14.12.2015, but since all the information is already public,
below you will find a proof of concept and a little write-up for the vulnerability described in this CVE.)

Saturday, 26 December 2015

New version of Lime Survey

As far as I know, LimeSurvey has already been updated, so below you will find all the vulnerabilities I found nearly 2 months ago during some small 'code review' exercises.

Response from LimeSurvey Team was very fast! :)

Found: 4.11.2015
Sent:  5.11.2015
Resp:  5.11.2015

AFAIK all findings were fixed within 48h. So... here we go:

Saturday, 24 October 2015

[EN] SOAP testing

During one of my last projects I needed to test some web services.

I was wondering: if I can do it with Burp or by manual testing,
maybe I can also write some quick code in Python...

And that's how I wrote

Friday, 2 October 2015


During the last couple of days I was checking lcamtuf’s American Fuzzy Lop against some (“non-instrumented”) binaries.

I was wondering what would happen if I ran it against Java… ;)

I was looking for some sources, but unfortunately I wasn’t able to find any. The next thing was checking where I had Java installed (so I would know what/where I could check). My kind of ‘test lab’ was: Ubuntu 12, Kali Linux, WinXP, Win7. (The exact versions of Java installed on those OSes you will find below.)

Friday, 19 June 2015

[EN] Social engineering attacks during conference in Katowice

Thanks for watching and for all the questions during this conference ;)

There was great energy!

More details:

See you next time.


Wednesday, 27 May 2015

SQLI in e107 CMS

During the last few weeks, in the meantime, I was also doing some source code review.
That's how I found an SQLi bug in the admin panel of e107 CMS. After a fast response from the e107 Team,
a fix was created.

This bug was found in the e107_2.0_full_beta1 version. I don't know if other versions are also vulnerable.

Details about the vulnerability (even though it's in the admin panel) will not be published for now.

Stay in touch. ;)

Monday, 25 May 2015

[EN] Browser exploitation during CybercomDev conference - Updated

During this weekend I gave my first formal security presentation at CybercomDev in Poland.
I was talking about use-after-free exploits, fuzzing and browser exploitation.
Thank you for watching and for your support ;)

* Currently this presentation is available only on demand.

* Update - 16.07.2015 *
Video (PL) is available here. Thanks, Kenis. ;)

See you next time! ;)


Tuesday, 28 April 2015

[EN] Old nasm sigsegv 0day

Like before, I wrote another PoC to get a shell via an overflow in old nasm.
Check it out:

[EN] Flex 2.5.33 (2) 0days

I was testing some old bugs in one old distro, and that's how I found a SIGSEGV in flex (2.5.33).

Below is the proof of concept:

Monday, 2 March 2015

[EN] Analysing malicious PDF - part 2

This time we will check 2 PDFs (because I decided that it would be more fun than just posting about one ;)). Besides that, those 2 files contain different methods for delivering the payload, so we will check all of them.