Written by SlidingWindowJuly 15, 2023August 15, 2023

PATCH DIFFING: MOVEIT TRANSFER PRE-AUTHENTICATED SQL INJECTION VULNERABILITY (CVE-2023-34362) – PART2

In the previous blog post, we analysed the MOVEit Transfer patch that mitigates a SQL injection vulnerability (CVE-2023-34362) and figured out the entire call flow to reach the vulnerable method, SetAllSessionVarsFromHeaders(). It looks like this: /moveitisapi/moveitisapi.dll?action=m2 –> Machine2.aspx –> DoTransaction() –> SetAllSessionVarsFromHeaders(). What we did was just figured out the entry point and we still need to […]

Written by SlidingWindowJuly 11, 2023July 11, 2023

Patch Diffing: MOVEit Transfer Pre-Authenticated SQL Injection Vulnerability (CVE-2023-34362) – Part1

Although, the MOVEit Transfer N-Day exploit party is over, I recently started my Patch Diffing journey, so I was looking for another target to practice my skills and survive the painful journey of patch diffing / exploit development. The analysis of unauthenticated SQL injection vulnerability in MOVEit Transfer (CVE-2023-34362) appeared to be challenging yet rewarding […]

Written by SlidingWindowMay 14, 2023December 5, 2023

Exploiting Inter-Process Communication through Shared Memory

Update (June 20 2023): This blog is based on the vulnerability I discovered/reported in SAP SQLAnywhere 17.0 (CVE-2023-33990) back in January 2023. SAP patched it in July 2023; however, their product security response team declined to credit me for this disclosure because I reported the vulnerability through their customer support channel, which was the standard […]

Written by SlidingWindowJanuary 27, 2024April 15, 2024

Windows Internals Notes

I spent some time over the Christmas break least year learning the basics of Windows Internals and thought it was a good opportunity to use my naive reverse engineering skills to find answers to my own questions. This is not a blog but rather my own notes on Windows Internals. I’ll keep updating them and […]

Written by SlidingWindowJune 5, 2021June 6, 2021

Analysis of Microsoft IE – jscript.dll ‘Array.sort’ Heap Overflow Vulnerability (CVE-2017-11907)

In December 2017, Google Project Zero disclosed a Heap Overflow vulnerability in Jscript.dll. A proof-of-concept (PoC) exploit can be found here. A CVE-2017-11907 has been assigned to this vulnerability. This disclosure was part of a series of vulnerabilities in WPAD/PAC and JScript that Google Project Zero reported in 2017. An in depth technical write-up can […]

Written by SlidingWindowMay 22, 2021May 23, 2021

ANALYSIS OF MICROSOFT IE11 SCRIPTING ENGINE MEMORY CORRUPTION VULNERABILITY (CVE-2017-11793) – Part-1

On December 18 2017, Ivan Fratric (@ifsecure) from Google Project Zero disclosed a Use-After-Free (UAF) vulnerability in Microsoft Internet Explorer 11. A proof-of-concept (PoC) exploit can be found here on Google Project Zero website and also on Exploit-DB. A CVE-2017-11793 was assigned to this vulnerability. A UAF vulnerability occurs when an object is created, free-ed and then re-used or […]

Written by SlidingWindowDecember 1, 2019December 1, 2019

Easy RM to MP3 Converter Buffer Overflow Vulnerability (DEP Bypass using ROP)

I wanted to learn and practice DEP bypass technique so I decided to try it on Easy RM to MP3 Converter version 2.7.3.700 (2006.09.29). I started off with a PoC and modified it for DEP bypass. I tried it all manual first and could craft all of the parameters required for VirtualProtect() successfully but then […]

Written by SlidingWindowFebruary 19, 2019September 1, 2020

Spring Framework Directory Traversal Vulnerability (CVE-2018-1271)

It’s too late for this blog post but I’ve been caught up with other tasks so couldn’t post this earlier. Anyways, in this blog, we’ll look at how to setup a vulnerable target for CVE-2018-1271 and exploit it. The issue exists in Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, allow applications to configure […]

Written by SlidingWindowJuly 21, 2018March 27, 2023

Qualys ThreatPROTECT Blogs

These are the blogs I’ve published so far….

Written by SlidingWindowJuly 21, 2018January 27, 2024

CVE Published

List of CVE-IDs I’ve published so far…

Sliding Window

Exploit Development, Penetration Testing, Security Research, Web Application Penetration Testing, Vulnerability Research, OWASP, Offensive Security