02. Aug 2021
The skill set of our employees is our most valuable asset. To support their continuous self-development and to improve our practices, we conduct security research.
We have several avenues for discovering new vulnerabilities and for reaching the stage where we create proof of concept exploits. The first is during customer assessments: we frequently identify flaws in software used by our customers. One example is the privilege escalation in the Symantec Messaging Gateway discovered by Dave. Another way we discover and study flaws is by locating them in the source code of recently published security advisories, e.g. the ones posted to github.com/advisories.
We want our work to be understood and reproduced as easily as possible. That's why we include Dockerfiles, patches and other supplementary material with most of our PoCs, so that the vulnerable software can easily be run locally and our exploits can be tested against it.
Over time, cy//ective has created a plethora of PoC exploits, for 0-day as well as N-day vulnerabilities, and has reported many 0-day vulnerabilities directly to vendors in a responsible disclosure process. Today, we'd like to give something back to the community and share three proof of concepts with you. We still need to decide what we will do with the rest of the arsenal and with any future proof of concept exploits.
Are these exploits of interest to you? Would you like us to keep sharing insights into our field of expertise? Feel free to tweet at us via @cyllective.
cy//ective is always expanding, both its field and itself. We will soon announce major changes and are looking forward to sharing the news with you.
Title: Twig allowing dangerous PHP functions by default in getgrav/grav
Title: Improper Input Validation (RCE) within the Wazuh API
>= 4.0.0, <= 4.0.3
Title: Remote Code Exploit (RCE) in Lucee Admin
188.8.131.52, 184.108.40.206, 220.127.116.11