How leaking valid `ObjRef`s to target .NET Remoting for Remote Code Execution is not considered a vulnerability – at least according to Microsoft.| code-white.com
In Part I, we dug into the internals of the ASP.NET `TemplateParser` and elaborated its capabilities in respect to exploitation. In this part, we will look into whether and how this can also be exploited to gain Remote Code Execution. While this research was originally focussed on the `TemplateParser`, the newly discovered technique was also applicable to SharePoint on-premises and SharePoint Online. So we'll elaborate on how SharePoint protects against the use of malicious code and will pres...| CODE WHITE | Red Teaming & Attack Surface Management
The `TemplateParser` is fundamental in ASP.NET Web Forms. It is used for parsing different ASP.NET source files such as `*.aspx` and for parsing other input from various sources, including user provided data. In this two part series we will take a deep look into `TemplateParser` internals, its capabilities, and how they can be exploited. This knowledge is then applied in the field to demonstrate Remote Code Execution vulnerabilities in Sitecore (CVE-2023-35813) and SharePoint (CVE-2023-33160).| CODE WHITE | Red Teaming & Attack Surface Management
This is a story on discovering an Unauthenticated Remote Code Execution in a CRM product by the vendor ACT!. What made this story special for us was that we had to take a blackbox approach at the beginning and the system was not exploitable with standard .NET Remoting payloads due to several reasons we'll explain in this blog post.| CODE WHITE | Red Teaming & Attack Surface Management
Our business email server, team chat, online help desk and web analytics software will help your business succeed. For business or personal users worldwide.| www.smartertools.com
Tableau Server - Governed self-service analytics at scale| Frycos Security Diary
GANZ Security AI Box: A New Generation AI-Based Intelligent Video Analytics Solution - The intelligent extension for almost every camera system. Thanks to the numerous algorithms for deep learning and analysis with which it is equipped, the AI-BOX is able to recognize the detected objects precisely and immediately and classify them: People, vehicles, motorcycles, bicycles…| Frycos Security Diary
Recently, I did a non-exhaustive security product review on a Document Generator Engine, named Docmosis. A system I targeted used Docmosis Tornado in its latest version 2.9.4. I’ll give you a walkthrough based on my local lab installation with a Proof-of-Concept exploitation on an on-premises system belonging to a specialized agency of the United Nations.| Frycos Security Diary
Update 2023-10-10: After a year, Microsoft decided to provide a patch for this - CVE-2023-41763| Frycos Security Diary
Déjà-vu| Frycos Security Diary