Pentest Chronicles

If you’re interested in the world of cybersecurity, the related technical issues, and what’s challenging right now, you’re in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.

Latest insight

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Grzegorz Bronka

19 December, 2025

When testing connectivity of the SDMC NE6037 router inputting a quote character into the "ping" utility revealed an error indicating a Remote Code Execution (RCE) vulnerability. It is quite common to find RCE vulnerabilities in routers’ connectivity tools (such as ping or traceroute). The user-supplied parameters are passed without sanitization as a parameter to a shell command. This was confirmed to be the root cause in this instance.

READ article

Other articles

Exploring DaaS Security: A Comprehensive Guide Based on Vulnerabilities Uncovered in Real Pentests - part 1

Mateusz Lewczak

15 March, 2024

We're experiencing a real renaissance among desktop applications, thanks to cloud services that have added Desktop As A Service to their offerings. This service allows us to stream the image of a native application running on a cloud machine directly to our browser. We interact with it as we would with a normal application, except that, by design, we have limited access to the system. And that's our main goal as pentesters - to escape from the Matrix (application) into the system shell! In a conventional test of a desktop application, the focus is primarily on the application itself and its associated files. However, for applications running under DaaS, the audit extends to the entire runtime environment.

READ article

Crashing servers with digits: floating-point numbers DoS vulnerabilities

Martin Matyja

10 March, 2024

A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a system or network, in this case – a web application. One sophisticated form of such an attack exploits vulnerabilities in the processing of floating-point numbers. In our scenario, attackers manipulate the system's handling of floating-point arithmetic, leading to inaccurate calculations and potential system failures. This method challenges the reliability of numerical computations and poses a serious threat to the stability and availability of targeted systems.

READ article

Unicode's role in XSS vulnerabilities.

jacek siwek

04 March, 2024

Web application security is a crucial concern in today's digital landscape. Cross-Site Scripting (XSS) attacks pose a significant threat to web applications, allowing attackers to inject malicious scripts into trusted websites. Request validation mechanisms are implemented to mitigate such attacks by blocking certain characters or patterns commonly associated with malicious code. However, recent discoveries suggest that there is a possibility of bypassing these validation mechanisms using Unicode characters, which could lead to successful XSS attacks.

READ article

Insider threat - The average insider threat attack scenario. How attackers can take over an entire domain in a few steps. Part 2.

DOMINIK ANTOŃCZAK

23 February, 2024

Have you ever wondered how little it takes to take over an Active Directory domain? Have you considered using some exploit? Nah, using exploits is not a fancy way and can be easily detected, and if anything, that option remains as a last resort. As savvy "hackers", we possess the right knowledge to navigate the network smoothly without making noise. Sometimes it takes a few steps, and just as Neil Armstrong said, it's one small step for man…, but for us hackers, taking over one system is a small step towards taking over the entire network. In this scenario, I'll demonstrate how the ability to analyze acquired information, coupled with a few sublime actions, was sufficient to take over the entire domain of a company consisting of 500-1000 users.

READ article

Server shutdown via GraphQL during real-life pentest

KAMIL JAROSIŃSKI

19 February, 2024

GraphQL is a query language and environment created by Facebook in 2012 and released publicly in 2015. However, it has only gained significant popularity among developers and organizations in the last few years. Why is it so popular? GraphQL serves as an alternative to traditional API protocols, like REST, offering a more flexible and efficient way for client-server communication. The emergence of new technology opens up new perspectives and solves some problems, but unfortunately, it also introduces threats. This is the case with GraphQL. If used without proper knowledge, it could potentially allow for a DoS (Denial of Service) attack.

READ article

Insider threat - why security measures don't matter. Part 1

Dominik Antończak

09 February, 2024

A sneaky security threat that combines Blind XSS with data exfiltration techniques poses a significant risk, allowing adversaries to insert persistent HTML/JavaScript code that executes within the domain context of an application. This vulnerability can be exploited to steal any data from the application or perform actions on behalf of another user.

READ article

Persistent threats via blind XSS and subsequent data exfiltration - tips and ticks from a security perspective.

SEBASTIAN JEŻ, KALINA ZIELONKA

05 February, 2024

READ article

Better safe than sorry - The Imperative of Double-Checking Application Architecture Before Launch.

MICHAŁ ŻACZEK

12 January, 2024

Every application's journey from conception to release involves critical steps within the Software Security Development Life Cycle (SSDLC). Paramount among these is the Design Phase, where the application's architecture is conceptualized. This step is fundamental in determining the coding approach and necessitates careful consideration, especially from a security standpoint. Key aspects like data processing and storage need thorough examination.

READ article

New Year, Fresh Vulnerabilities: Unmasking Hidden Threats in Web Applications

Marek RZepecki

05 January, 2024

Security flaws, sometimes overlooked as minor ones, can escalate into significant risks for entire applications. Our recent penetration test identified a critical vulnerability enabling potential account takeover at the administrative level. This write-up highlights the essential need for comprehensive security measures throughout the application development process.

READ article

Featured articles

Two new CVEs: FooGallery's WordPress plugin

Robert Kruczek

05 July 2024

During some happy hunting, I found two XSS vulnerabilities in the FooGallery WordPress plugin (version 2.4.14), which made 50k instances vulnerable on the day of discovery! These can allow attackers to execute malicious code and gain unauthorized access to administrative functionalities. Below is a detailed explanation of these vulnerabilities and how they can be exploited.

READ article

XSS in WordPress via open embed auto discovery

JAKUB ŻOCZEK

29 May 2023

Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires patient searching.

READ article

A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?