14Jul-22
Analysis of a Command Injection in VBScript
In this writeup we present the analysis and exploitation of a VBScript command injection vulnerability we stumbled upon during a penetration test on a .NET web application. What makes this vulnerability stand out is the fact that at first glance it could be mistaken for a common SQL injection. After a few exploitation attempts, we developed a VBScript Proof of...
17Mar-22
OverIT framework XSLT Injection and XXE – CVE-2022-22834 & CVE-2022-22835
During a penetration test activity, two vulnerabilities were discovered on a specific functionality called “Test Trasformazione xsl” whose purpose is to test the correct operation of the XSLT Java engine. This functionality is part of the set of tools available within the Geocall-Framework and it is not active by default. Advisory - CVE-2022-22834 OverIT projects based on the same Geocall-Framework at level...
16Dec-21
Merry Hackmas: multiple vulnerabilities in MSI’s products
This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with. All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to: Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual address user-space. Read/write Model-Specific...
28Oct-21