A few months ago, we reported a pre-auth Remote Code Execution #RCE vulnerability to vBulletin. The exploitation of this unserialize() bug was tricky, as vBulletin classes are not deserialisable. Discover the exploitation in our latest blogpost: ambionics.io/blog/vbulletin…

Mathis Hammel Paul On en parlait déjà en 2016... Pas surpris de voir que ça continue 7 ans plus tard sur ce genre d'apps. youtube.com/watch?v=M7vdzg…

Fishing for bugs in PHP apps be like

Did you enjoy the latest blogpost on PHP filter chains? Well, our ninja Remsio strikes again with a new article detailing how you can abuse them to leak files from the targeted system, as well as a freshly developed tool to exploit it! synacktiv.com/publications/p…

In no time, the mighty Eloi Benoist-Vanderbeken pwned his favorite target: XNU, the Apple MacOS kernel! Rumor has it that he took more time developing the ASCII art than the actual exploit 🥷 #P2OVancouver

A server monitoring software 🌡 named Supermicro SuperDoctor 5 has been encountered during an assessment. However, Aymeric P. and Gaetan were not big fans of the web app UX and thought a root shell would be more suitable 🐚 ➡️ Read more about this RCE: synacktiv.com/sites/default/…

SNMP to RCE - Read about an XSS vulnerability we discovered in LibreNMS, which can be exploited by sending a spoofed SNMP trap and gain code execution via Blade templates: sonarsource.com/blog/it-s-a-sn… #appsec #security #vulnerability

🗡️ Argument Injection Vectors A curated list of exploitable options when dealing with argument injection bugs Capabilities: run a command, file write, file read, library load ➡️ chrome '--gpu-launcher="id>/tmp/foo" By Sonar Research #bugbountytips sonarsource.github.io/argument-injec…

“Patches, collisions and root shells: a Pwn2Own adventure” will be presented by scryh, pspaul & @[email protected] from team Sonar Research at #TyphoonCon23! Learn more and get your tickets today: typhooncon.com/blog/conitems/…

Windows authentication & Prox-Ez is the topic of the last Synacktiv talk at #THCon, staring Pierre Milioni and Geoffrey B

What do we need content types for anyway? Let's look into how an incorrect content type led to a real-world vulnerability in the famous business suite Odoo, CVE-2023-1434 🐛 sonarsource.com/blog/odoo-get-… #appsec #python #cleancode

Sonar at Black Hat Asia! Look for us at Booth B20 for live demos with our solution! In addition, Sonar Research member Paul Gerste will host a presentation: "Stealing with Style: Using CSS to Exploit ProtonMail & Friends" on May 11, 11:20 am at Roselle Junior Ballroom!

Sonar Research identified and linked two vulnerabilities, leading to one-click remote code execution (RCE) exploit in Pimcore. Check out this SecurityWeek article for all the details: securityweek.com/pimcore-platfo… #appsec #security #vulnerability

🥑 The Hazards of Technological Variety and Parallelism: An Avocado Nightmare, by Stefan Schiller (scryh)

Super excited to present this at Hexacon! See you there :)

We are excited to share that we have two entries in the running for the next Pwnie Awards 🐴✨ 👇

RCE in Apache OpenMeetings due to SQL weak comparison, unexpected application state, and null-byte injection. Check out the technical details in our latest blog post: sonarsource.com/blog/a-twist-i… #appsec #security #vulnerability

🔥 Unauthenticated RCE vulnerability in JetBrains TeamCity (CVE-2023-42793) 🔥 We just disclosed the technical details explaining how a vulnerable Request Interceptor and a few undocumented endpoints led to RCE on one of the most popular CI/CD servers: sonarsource.com/blog/teamcity-…

Zip-slipping to RCE via Auto-Reload: OpenRefine is prone to critical security vulnerability (CVE-2023-37476). Read more in our latest blog post: sonarsource.com/blog/openrefin… #security #vulnerability #appsec

Expecting to struggle finding a gadget chain in WordPress Core during an assessment when devs suddenly decided to make it easy : fenrisk.com/publications/b…