Categories
Security Research

[CVE-2020-24807] File Type Restriction Bypass in Socket.io-file NPM module

Title: File Type Restriction Bypass in Socket.io-file NPM moduleDate: 31/07/2020CVE-ID: 2020-24807Advisory: https://github.com/advisories/GHSA-6495-8jvh-f28xAuthor: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: – During some of our pentests, we face applications that are well secured with not so many misconfigurations. That means that we have to dig deeper, if the […]

Categories
Security Research

Virus harvesting Czech eID card identities

This research was conducted in cooperation with WardenSec. This research was presented at QuBit Prague 2020. Video of the talk is available on YouTube. Popis zranitelnosti v češtině je k dispozici zde. Introduction Czech government started issuing new electronical identity cards (further referred to by its Czech name eObčanka) back in July 2018. Those shall […]

Categories
Security Research

CANdy – automated CAN bus message mapping framework

Check out CANdy demo When I was offered to write a bachelor thesis on the topic of CAN bus message mapping, I had no idea how crucial and fascinating such an area actually is and I would like to share with you what I learned and created during the past six months. First thing first, […]

Categories
Security Research

[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM moduleDate: 18/05/2020CVE-ID: 2020-15779Advisory: https://www.npmjs.com/advisories/1519Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]