Web Security

Attacking Helpdesks - Part 1: DeskPro

Attacking HelpDesks Part 1: RCE Chain on DeskPro, with Bitdefender as a Case Study

We decided to look at the most popular on-premise helpdesk solutions. In this article we explain how we managed to find and exploit multiple vulnerabilities that eventually lead to remote code execution (RCE) at DeskPro software utilized by thousands of organizations using Bitdefender and Freelancer Inc in a case study. No full exploit is currently available, but steps can be easily reproduced and used to build one.
Web Security   •   March 28, 2020   •   15 min read
Comma is forbidden! No worries!! Inject in insert/update queries without it

Comma is forbidden! No worries!! Inject in insert/update queries without it

A writeup regarding exploiting SQL injection issue in an insert query while it wasn’t possible to use a comma at my payload at all.
Web Security   •   March 31, 2019   •   13 min read
[SQLi] Extracting data without knowing columns names

[SQLi] Extracting data without knowing columns names

Extracting data without knowing columns names from MYSQL < 5 or in case of WAF blacklisting sending information_schema in the request

Web Security   •   February 9, 2019   •   7 min read