Reversing Windows Drivers Using Ghidra – Part 2

As I mentioned in the previous post, I’m writing this series while preparing for Offensive Security Exploitation Expert (OSEE). In this post, we will use HackSys Extreme Vulnerable Driver (HEVD) which you can download from Github. Yes, HEVD is open source and its symbols are available, so at first that sounds like it defeats the […]

PATCH DIFFING: MOVEIT TRANSFER PRE-AUTHENTICATED SQL INJECTION VULNERABILITY (CVE-2023-34362) – PART2

In the previous blog post, we analysed the MOVEit Transfer patch that mitigates a SQL injection vulnerability (CVE-2023-34362) and figured out the entire call flow to reach the vulnerable method, SetAllSessionVarsFromHeaders(). It looks like this: /moveitisapi/moveitisapi.dll?action=m2 –> Machine2.aspx –> DoTransaction() –> SetAllSessionVarsFromHeaders(). What we did was just figured out the entry point and we still need to […]

Patch Diffing: MOVEit Transfer Pre-Authenticated SQL Injection Vulnerability (CVE-2023-34362) – Part1

Although, the MOVEit Transfer N-Day exploit party is over, I recently started my Patch Diffing journey, so I was looking for another target to practice my skills and survive the painful journey of patch diffing / exploit development. The analysis of unauthenticated SQL injection vulnerability in MOVEit Transfer (CVE-2023-34362) appeared to be challenging yet rewarding […]

Analysis of Microsoft IE – jscript.dll ‘Array.sort’ Heap Overflow Vulnerability (CVE-2017-11907)

In December 2017, Google Project Zero disclosed a Heap Overflow vulnerability in Jscript.dll. A proof-of-concept (PoC) exploit can be found here. A CVE-2017-11907 has been assigned to this vulnerability. This disclosure was part of a series of vulnerabilities in WPAD/PAC and JScript that Google Project Zero reported in 2017. An in depth technical write-up can […]

ANALYSIS OF MICROSOFT IE11 SCRIPTING ENGINE MEMORY CORRUPTION VULNERABILITY (CVE-2017-11793) – Part-1

On December 18 2017, Ivan Fratric (@ifsecure) from Google Project Zero disclosed a Use-After-Free (UAF) vulnerability in Microsoft Internet Explorer 11. A proof-of-concept (PoC) exploit can be found here on  Google Project Zero website and also on Exploit-DB. A CVE-2017-11793 was assigned to this vulnerability. A UAF vulnerability occurs when an object is created, free-ed and then re-used or […]

Oracle WebLogic Server Java Deserialization Remote Code Execution Vulnerability (CVE-2018-2628) Bypass

Oracle patched a critical Java RMI Deserialization vulnerability in WebLogic server earlier this month (CPU April 2018). It was assigned CVE-2018-2628. However,  as @pyn3rd tweeted this morning, it turns out that it was a blacklist based incomplete fix that could be bypassed easily. #CVE-2018-2628 Weblogic Server Deserialization Remote Command Execution. Unfortunately the Critical Patch Update of 2018.4 […]