Setting up a portable Pi-Hole

A short while ago I discovered an open source project called Pi-Hole, which is fairly well known and well regarded. Pi-Hole's job is to "clean up" our Internet browsing by removing advertising and malicious sites (simplifying: it acts as an ad blocker), by creating a small DNS server on the Raspberry. One of its main strengths is that, once configured, it strips advertising for every device connected to the network, with no need for additional programs or plug-ins. ...

November 2, 2018 · 8 min · 1598 words · Luigi Gubello

From XSS to RCE in Simplenote 1.1.3

Summary: In Simplenote 1.1.3 (desktop app) there is a stored XSS vulnerability that can be used to execute arbitrary code. If there is malicious code in the note and the user tries to print it (for example to save it as a PDF), the malicious code runs. ...

July 29, 2018 · 1 min · 115 words · Luigi Gubello

Stored XSS in Microsoft Bing

After many unsuccessful attempts to find an XSS in Yahoo’s domains, I decided to move my attention to Microsoft Bing. If you have a Microsoft account, Bing allows you to save online content (images, videos and places) on the page My saves, and allows you to create collections to better manage your own content. The titles of these collections were not properly filtered, so it was possible to break the code and inject persistent arbitrary code. The code could be injected easily; all it took was the wrong image added to My saves. I was lucky with Bing, now I can go back to failing with Yahoo 🙂 ...

April 21, 2018 · 2 min · 226 words · Luigi Gubello

Events Manager 5.8.1.1 – Stored XSS

Info. Product: Events Manager; Version: 5.8.1.1; Active installations: 100,000+; Product page: https://it.wordpress.org/plugins/events-manager/; CVE: 2018-9020. Description: An unauthenticated user or a user without privileges, who can submit an event, can inject JavaScript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js: the variable mapTitle is not escaped. Proof of Concept ...

March 25, 2018 · 1 min · 124 words · Luigi Gubello

Multiple stored XSS in AOL Mail

In November, I reported various persistent XSS vulnerabilities in AOL Mail to the AOL Security Team. They replied quickly and fixed the vulnerabilities in less than 90 days. 1. Using an unclosed tag, it was possible to inject arbitrary JavaScript code. The payload ran as soon as the victim opened the site mail.aol.com because the code was in the e-mail preview. ...

March 23, 2018 · 2 min · 223 words · Luigi Gubello