Nick Security Log

Nick's blog on security and other topics

RCE Reports & Resources

Note: For study purposes only. Misuse is strictly prohibited.
Table of contents

www.nicksecuritylog.com

Reports

2017

GraphicsMagick
https://hackerone.com/reports/212696

2019

From research approach to discovery
https://hackerone.com/reports/502758

Resources and articles

2020

RCE explained
https://www.youtube.com/watch?v=P_ZQKeXf-gM&feature=youtu.be

From recon to RCE
From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World

Unrestricted file upload

2019

Write up
Dank Writeup On Broken Access Control On An Indian Startup

CWE
https://cwe.mitre.org/data/definitions/434.html

2020

Verification and remediation
How I Gain Unrestricted File Upload Remote Code Execution Bug Bounty.

OWASP
Unrestricted File Upload | OWASP

Related CVEs

nginx

CVE-2019-11043
New security test: CVE-2019-11043 PHP-FPM & NGINX RCE | Detectify Blog

ImageMagick

CVE-2016-3714
ImageTragick ImageMagick RCE Take 2 - ImageTragick Attack ImageMagic RCE - Numb Shiva - Medium
https://www.youtube.com/watch?v=sKI3PnOGMN8

WebLogic

CVE-2017-10271
https://hackerone.com/reports/576887

CVE-2019-2725
WebLogic RCE (CVE-2019-2725) Debug Diary

Atlassian Crowd

CVE-2019-11580
Analysis of an Atlassian Crowd RCE - CVE-2019-11580 – Corben Leo – infosec write-ups and ramblings

Jira

CVE-2019-11581
JIRA Security Advisory 2019-07-10 - Atlassian Documentation
Two Easy RCE in Atlassian Products - Valeriy Shevchenko - Medium

PHP

CVE-2012-1823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
PHP-CGI Remote Command Execution Vulnerability Exploitation

AEM

CVE-2016-0957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0957
How to get RCE on AEM instance without Java knowledge

vBulletin

CVE-2019-16759
vBulletin RCE CVE-2019-16759 exploited in the wild, to Detectify | Detectify Blog

Pulse Secure

Miscellaneous
Orange: Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!

struts

CVE-2017-5638
How I got 5500$ from Yahoo for RCE - InfoSec Write-ups - Medium

CVE-2018-11776
Remote code execution (RCE) vulnerability in Apache Struts2 (S2-057 : CVE-2018-11776) - OSS脆弱性ブログ

spring

CVE-2016-4977 (SSTI)
Yahoo! RCE via Spring Engine SSTI – ∞ Growing Web Security Blog
Spring Boot RCE