yaracroft : "RCE on **Spip** + Preauth custom SSTI on icalenda…" - nanao

yaracroft @venom@nanao.cybtex.fr

RCE on Spip

Preauth custom SSTI on icalendar generation
Postauth email content eval
Postauth code injection in MediaBox as a WebMestre
Postauth php file upload // t0
DNS Rebinding on the file upload feature // t0

#web #online #spip #software #threats #vuln #informatique

https://thinkloveshare.com/hacking/rce_on_spip_and_root_me_v2/

20 août 2022, 20:11 · · · ·

Inscrivez-vous pour prendre part à la conversation