2026-03-21T13:42:37Z https://yabu.me ~swapgs https://yabu.me/npub1au9arhljl5kteek5azuqnr2pwttct5cuq0prcp5ammfm6kk23l5q4cx6yk https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/305/049/668/669/022/original/8c5e739bd526ab71.jpeg https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/305/049/668/669/022/original/8c5e739bd526ab71.jpeg https://yabu.me/nevent1qqsgmm8dfka9gd46e8pshjz495l5z9mjz0x83d3rjv9fgwsl93yh23gzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s50gqaf In reply to <a href='/nevent1qqsds27r4y6dxq9hm3y9skaxh0x4eqh26uqpyze9uma3f74ua2gyyvqvylzpj'>nevent1q…lzpj</a><br/>_________________________<br/><br/>Have you looked into their internal APIs for this feature? Container escape via Zed would be fun :) 2026-03-20T22:34:37Z https://yabu.me/nevent1qqsq5gpwy3f4utf734s9auq2xvw0zh70tf3fm309z6u7zfnnd3re66szyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287stscnqw In reply to <a href='/nevent1qqspv6tqhsl3qttnd8huhq2gzt2ve647rd3mhq8gsx3e92afhl6fk8sqsy99l'>nevent1q…y99l</a><br/>_________________________<br/><br/>Looks like some AI slop? 2025-12-22T09:39:59Z https://yabu.me/nevent1qqstp98d7st0yut8s7p4t26s9aj4vxfmmw3yrvpd6zgk2zkk000zgjgzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sgcsnfj Don’t skip the linenoise section, a lot of great bits in there! <a href="https://haunted.computer/@phrack/115051910573337358">https://haunted.computer/@phrack/115051910573337358</a> 2025-08-19T09:09:57Z https://yabu.me/nevent1qqsy3yt2qefunnqgqvsgnynrp7wtr2q88tf7a0gsdn3qvmpesu69n3gzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sgygp4f Pre-auth RCE in CentOS Web Panel (CVE-2025-48703) found by the friends at Fenrisk. This is beyond madness that Shodan finds 200k of these exposed publicly. <br/><br/>(this post is sponsored by strace®, because no one cares about ionCube)<br/><br/><a href="https://fenrisk.com/rce-centos-webpanel">https://fenrisk.com/rce-centos-webpanel</a> 2025-06-24T09:35:36Z https://yabu.me/nevent1qqsf4zd374zmpudyzv8qe8lhja42a0tel7wwestczpzuuvktrj390jszyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sz6tmq7 I finally found the perfect bug to play with wrapwrap and get RCE on Monero forums :ablobcatpopcorn: <br/><br/>After that, very classic exploitation steps. The only twist is that I didn&#39;t expect Laravel (at least this version) to unserialize() session cookies when the session driver is set to Redis. <br/><br/><a href="https://swap.gs/posts/monero-forums/">https://swap.gs/posts/monero-forums/</a><br/><br/>#php 2025-06-11T10:06:07Z https://yabu.me/nevent1qqsdlznq9sv4w9mfq6egg6w8u46zwz3kk979rq4jrhaj5vk5w37gy3qzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s999jpu Beating the kCTF PoW with AVX512IFMA for $51k<br/><br/><a href="https://anemato.de/blog/kctf-vdf">https://anemato.de/blog/kctf-vdf</a> 2025-05-30T22:38:33Z https://yabu.me/nevent1qqsxwfxh8sx3ccyqrmjpc0n2v633jldznpkt3sx6w5k5atrj2mxec2czyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sv86vqs Defcon forums have to be RCE’d once a year, I don’t make the rules! <br/><a href="https://chaos.social/@christopherkunz/114579265339897261">https://chaos.social/@christopherkunz/114579265339897261</a> 2025-05-27T10:20:57Z https://yabu.me/nevent1qqsx4grhhpe5jctnehk49hn7lswvsqfa6x5u2cfdw7z3rm9pv7jvskszyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s2cd53m In reply to <a href='/nevent1qqsrzhu26z4zr82eghjusjlk60tr9n0flth4xnrw5ducc6y6mphzu2qzrmqkq'>nevent1q…mqkq</a><br/>_________________________<br/><br/>that’s a lot of Python code for a git diff and a Paramiko one-liner :) 2025-04-18T10:15:31Z https://yabu.me/nevent1qqsgkm263dyd6vlp8fl4arhwcf9hhsvzf7p20v4pksdkmy864kcequczyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s5vm47x In reply to <a href='/nevent1qqsgarw56rak4uaryvxye4vhzkjjxhfz2nw06wmj77a07404y6npctsqaxag8'>nevent1q…xag8</a><br/>_________________________<br/><br/>IIRC you get a GHSA ID every time you report something through <a href="https://github.com/php/php-src/security/">https://github.com/php/php-src/security/</a>, so this one must have been closed as N/A because it&#39;s now in <a href="https://github.com/php/php-src/issues/18209">https://github.com/php/php-src/issues/18209</a>. <br/><br/>Anyway it&#39;s a nice writeup, and apparently a stable bug that will be useful to bypass disable_functions on a bunch of PHP releases! 2025-04-17T21:36:52Z https://yabu.me/nevent1qqst7r6c2frxymghlwausxwhsqvyll7l73hw60kfjdpyfzn0seuqfkqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287ssvk9zg In reply to <a href='/nevent1qqs9vfq0y7lhj6wdfpsj6waew8lpzk5dhkxfp6aya87gxmmhkthrmgcmn82ve'>nevent1q…82ve</a><br/>_________________________<br/><br/>If it’s not in a remote surface (multipart parsing, json, etc) they won’t assign any CVE to it. Would need to check but it’s likely tracked as a functional issue publicly. 2025-04-17T10:17:36Z https://yabu.me/nevent1qqsqc6ycuc2a9hnucj5q76k5p3mevrhj67kgs6c0y4z08aa3xmcwnwszyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s78e4l6 In reply to <a href='/nevent1qqsfdwn6ru6rgusevry335qw7uc9tewwrg8cau8zkcqwyw4tyclgufcqeddyw'>nevent1q…ddyw</a><br/>_________________________<br/><br/>In other words, what motivated this choice? <br/><br/>&gt; &#34;The library doesn&#39;t provide information about whether a path exists, or about the filesystem object the path leads to (e.g. file vs. directory vs. symlink). This information should be obtained via OS-specific functions.” 2025-04-16T13:45:43Z https://yabu.me/nevent1qqsrj2k3s8m49kv3e2yxa8cm44rmxcnvd8phdg3uhw8y7pnf6zq68dqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s0mjel5 In reply to <a href='/nevent1qqspzwjdqk2vv8rh0hd6mrw497xf3pkg05p8vks92faksah5y9z8rpsz2ksyh'>nevent1q…ksyh</a><br/>_________________________<br/><br/>Why abstract it away from the filesystem? You’re missing out on proper normalization / canonization of paths without risking differentials, symbolic links, etc. 2025-04-16T13:37:44Z https://yabu.me/nevent1qqsr5gs3xyq55mv5kmsdmvxm5z2an7758z6qhmwwzzs56s6z9835raqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287shxnn7f In reply to <a href='/nevent1qqstt2j8xu35dnmnax9stswf6dns396q9yjajhygrmlutpd266529lsc6q77u'>nevent1q…q77u</a><br/>_________________________<br/><br/>… another ticket / report to write ;-; 2025-04-03T11:34:51Z https://yabu.me/nevent1qqs0y3glw88m2m6psywunzvewfqsspzzev82jawvc798nmmua9pnjjqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287srhfemp Last year, I had a few weeks between jobs and decided to look at the infrastructure security of random Linux distributions with the good friends at Fenrisk. <br/><br/>We ended up getting code execution on the Fedora Git forge hosting all package sources and on the Open Build Service instance of openSUSE. Nothing technically fancy (the usual silly argument injection bugs), but we could have effectively backdoored all their packages :°)<br/><br/>We finally presented the details last week at <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub1ksdnvrh2yh80v5gk8utuc5pntj9rtmrpkappmsay2qz3uawhnmdqh0jndp" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>Insomni'hack</span> (<span class="italic">npub1ksd…jndp</span>)</a></span>: <a href="https://fenrisk.com/assets/media/Don&#39;t%20let%20Jia%20Tan%20have%20all%20the%20fun_%20hacking%20into%20Fedora%20and%20OpenSUSE.pdf">https://fenrisk.com/assets/media/Don&#39;t%20let%20Jia%20Tan%20have%20all%20the%20fun_%20hacking%20into%20Fedora%20and%20OpenSUSE.pdf</a>. <br/><br/>Big kudos to distro maintainers, this was one of the most efficient disclosures of my life!<br/><br/>(now let&#39;s do kernel.org?) 2025-03-19T11:07:15Z https://yabu.me/nevent1qqs0nseujhddytpajyhsgeclyrugydql9mrhz7w6a6mlc47p4gqevfgzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sqnz7nz Spoiler: it’s way too easy! See you there :) <a href="https://infosec.exchange/@1ns0mn1h4ck/114080672369739128">https://infosec.exchange/@1ns0mn1h4ck/114080672369739128</a> 2025-02-28T09:20:50Z https://yabu.me/nevent1qqs0rrsxhdhpcw2zacevjtp6pgjfc80nldhuch8x7k7sjzl6uepzpdszyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287suq8a57 In reply to <a href='/nevent1qqsgaljn5m5vp80hyu6z3xeh2lfw4za6me46uky7n7xp4klxave26wc3gv09w'>nevent1q…v09w</a><br/>_________________________<br/><br/>Looks like your RSS caught an early draft, well done :P 2025-02-14T09:09:26Z https://yabu.me/nevent1qqsfsa4gf4typ7p3lrl7fnsmjkl0wvjuc4wmgedgvkz4ds89q3lqhjszyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sletgg2 In reply to <a href='/nevent1qqsf7m97spmrmgrwxldkpwhaj634u76xj8usls4puxvdjthl982qensxv5l8l'>nevent1q…5l8l</a><br/>_________________________<br/><br/>This? <a href="https://www.hackerone.com/ai/accelerate-vulnerability-remediation-with-hai">https://www.hackerone.com/ai/accelerate-vulnerability-remediation-with-hai</a><br/><br/>Looking at the screenshots, I don’t see how that would bring any value to the programs. 2024-12-06T09:13:35Z https://yabu.me/nevent1qqsw88734vaxv63u6h5377fgjjd4zsp8x9g53d9qwy72ca4rstkdhfqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287snvuveh In reply to <a href='/nevent1qqsvmhn9up9lzkral2j47tqq97yqh9scxstxxc0mruqjrhgexmda9fcj3cz6f'>nevent1q…cz6f</a><br/>_________________________<br/><br/>Yep! 2024-11-28T10:55:12Z https://yabu.me/nevent1qqsfzzaccsefu3e6myl359f3wyz7z93d8r95h7znd3twxw4tlr8vacczyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s20rs4n In reply to <a href='/nevent1qqspyqezv3d4nchcsdckm4ungqayz39e2a5sjgrj48c5fqlhn57memgg9t0jl'>nevent1q…t0jl</a><br/>_________________________<br/><br/>Just lost a few hours yesterday for the same-ish reason, genuinely thought scapy was broken 😞 2024-11-28T10:49:34Z https://yabu.me/nevent1qqsxkvns6wmq5x6emzadk8fysl8lk8j6j4eys79csnxvrjkpmwzaajgzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sydvh0z In reply to <a href='/nevent1qqstgk0ek5yulyyxtguh7ahgxlqh3ecc6x6eftt6hnhjhtmdt54wn8s5xp37c'>nevent1q…p37c</a><br/>_________________________<br/><br/>It took a while though, this should have been announced this way instead and not rushed through the door :/ 2024-11-22T22:28:00Z https://yabu.me/nevent1qqs8ut4u5s3g48xqs266feuj9v34ggt9fr6zev9rn3xlx7tul8wyj3czyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s7l2pkf Finally got to publish the CVE for a &#34;forever-day&#34; path traversal in the .NET library DotNetZip affecting all releases since 2018. Enjoy, the PoC is in the patch! :blobcatsuit: #CVE_2024_48510<br/><br/><a href="https://www.cve.org/CVERecord?id=CVE-2024-48510">https://www.cve.org/CVERecord?id=CVE-2024-48510</a> 2024-11-19T10:43:27Z https://yabu.me/nevent1qqsfpa4dx7pdt8a25cfnt9d2hrkgyjh7cqndk33cavcwtukzc0mfp7czyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287sd9ltx3 <span itemprop="mentions" itemscope itemtype="https://schema.org/Person"><a itemprop="url" href="/npub13s4law80pm6z09t9yd954uspawgxesrtnyw3ffwh7qadcc2dqu3snka2v7" class="bg-lavender dark:prose:text-neutral-50 dark:text-neutral-50 dark:bg-garnet px-1"><span>pspaul</span> (<span class="italic">npub13s4…a2v7</span>)</a></span> just released a great writeup of the pacparser bug we found a few years back. The Zscaler VPN client, running as root, would inject the destination hostname in a JavaScript snippet and execute it with a *very* old version of SpiderMonkey. Paul transformed it in a CTF challenge for hack.lu and found the perfect vm bug to get RCE :blobcatadorable:<br/><br/><a href="https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/">https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/</a> 2024-10-29T10:52:35Z https://yabu.me/nevent1qqsz7nt53ctrwu24r8vru3yqx8pv3mvy4nj53jtlpqajawu8ljkn2rqzyrhsh5wl7t7je08x6n5tszvdg9ed0pwnrspuy0qxnh0d8026e287s09wzdt In reply to <a href='/nevent1qqsy0nqtkzzc064dplxmnldeaftskuucz0thfdf370uje7yfshqqg8cxwnfq0'>nevent1q…nfq0</a><br/>_________________________<br/><br/>really nice discovery, thanks! 2024-10-23T11:38:09Z