Pentest Chronicles

If you’re interested in the world of cybersecurity, the related technical issues, and what’s challenging right now, you’re in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.

Latest insight

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Grzegorz Bronka

19 December, 2025

When testing connectivity of the SDMC NE6037 router inputting a quote character into the "ping" utility revealed an error indicating a Remote Code Execution (RCE) vulnerability. It is quite common to find RCE vulnerabilities in routers’ connectivity tools (such as ping or traceroute). The user-supplied parameters are passed without sanitization as a parameter to a shell command. This was confirmed to be the root cause in this instance.

READ article

Other articles

Denial of Service attack via web cache poisoning – Vulnerability Analysis

Mikołaj Pudlicki

28 March, 2025

During security tests, a critical vulnerability was discovered in the tested application. This issue allows an attacker to block access to the application. The problem is caused by incorrect cache handling. Web cache poisoning is an attack where an attacker exploits the caching mechanism to store altered or malicious responses in a cache entry, forcing the website to serve harmful HTTP responses to its users. When improperly implemented, caching mechanisms significantly increase the risk of for example denial of service (DoS) conditions, by serving incorrect cached responses to legitimate users.

READ article

(Not) Easy authorization

Jacek Siwek

14 March, 2025

Vulnerabilities from the broken access control group according to OWASP TOP TEN 2021 are among the most common in web applications. They give users with lower privileges the ability to, among other things, access data or functions that are not intended for such a role. It also happens that an ordinary user can use functionalities belonging to the administrator, which can also lead to privilege escalation. Sometimes, these vulnerabilities are unusual in nature because they are not always related to flaws in the application logic... In such cases, testing should also include more complex scenarios that go beyond the classic approach.

READ article

Breaking license validation in a desktop application – how business logic flaw can enable unauthorized activations

Piotr Ćwikliński

07 March, 2025

During one of my security audits, I discovered a business logic flaw in the license verification process of a macOS desktop application. This flaw made it possible for an ordinary user with basic hacking skills to bypass restrictions and activate the software on multiple devices, even though the license was meant for just one machine. The issue was caused by insufficient server-side validation. While some parameters and their values in the activation request were correctly validated, others were either ignored or not used at all for verification.

READ article

Possible Misconfigurations in Active Directory – Security Audit Findings

Jarosław Kamiński

28 February, 2025

Active Directory (AD) is a critical component of IT infrastructure, serving as the backbone for user authentication, access control, and identity management within an organization. However, misconfigurations and weak security controls in AD can expose an environment to severe risks, including privilege escalation, unauthorized access, and even full domain compromise.

READ article

How Secure Are Your Application Secrets? Lessons from Years of Real-World Penetration Tests

Mateusz Lewczak

21 February, 2025

In the context of web applications, 'secrets' refer to sensitive data used to secure communication, authenticate users, or access restricted resources. These are critical pieces of information that must be protected to maintain the security and integrity of the application. First and foremost, it's important to acknowledge that the secure storage of secrets in applications is still an unresolved challenge. Many developers find this aspect unclear or challenging.

READ article

Vishing – How It Works and Why It's So Effective: Insights from Commercial Social Engineering Tests

Jacek Siwek

14 February, 2025

Vishing is a type of social engineering attack in which scammers call their victims, pretending to be trusted individuals or institutions (such as IT departments, banks, or service providers) to extract confidential information or manipulate them into performing specific actions. While the conversation may seem harmless, it can lead to the disclosure of login credentials to company systems or even the execution of malicious software.

READ article

From temporary solutions to insecure security practices.

Adam Borczyk

06 February, 2025

When auditing security posture of our clients' Azure and Entra ID infrastructures, we always verify what are the current Multi-Factor Authentication (MFA) rules and policies. We check what does the Conditional Access enforce, who is covered by which policy and what are the exclusions, if any.

READ article

The Hidden Danger in PDFs: How Misconfigurations Can Expose Sensitive Data?

Patryk Bogdan

28 January, 2025

Recent security audit revealed a critical vulnerability in the way WeasyPrint processes user-provided data for generating invoices in PDF format. The issue occurs because of insufficient input validation, allowing attackers to inject malicious HTML tags that are rendered within the generated PDF. This flaw opens the door to extracting sensitive files from the application's infrastructure or querying remote resources, posing significant security risks.

READ article

Ex-Employee Private Code Repository Accounts: A Breach Waiting to Happen?

Adam Borczyk

22 January, 2025

A recent application audit revealed several concerns regarding source code management practices. The most significant finding involves the storage of code in a private GitHub repository that remains tied to a former employee's account. This configuration poses potential risks to code access and management.

READ article

Featured articles

Two new CVEs: FooGallery's WordPress plugin

Robert Kruczek

05 July 2024

During some happy hunting, I found two XSS vulnerabilities in the FooGallery WordPress plugin (version 2.4.14), which made 50k instances vulnerable on the day of discovery! These can allow attackers to execute malicious code and gain unauthorized access to administrative functionalities. Below is a detailed explanation of these vulnerabilities and how they can be exploited.

READ article

XSS in WordPress via open embed auto discovery

JAKUB ŻOCZEK

29 May 2023

Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires patient searching.

READ article

A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?