Recent Posts

29 March, 2019
  • Posted By Charles Fol
  • magento unauthenticated sqli exploit

Magento 2.2.0 <= 2.3.0 Unauthenticated SQLi

Several flaws have been identified in the latest version of Magento 2, allowing an attacker to obtain complete control over the server. We're now releasing the exploit for the unauthenticated SQL injection. We'll release the details for the RCE vulnerability at a later time.

22 February, 2019
  • Posted By Charles Fol
  • drupal rce exploit vulnerability details

Exploiting Drupal8's REST RCE

Exploitation and mitigation bypasses for the new Drupal 8 RCE (SA-CORE-2019-003, CVE-2019-6340), targeting the REST module.

16 July, 2018
  • Posted By Charles Fol
  • prestashop session cookie privilege escalation

PrestaShop 1.6 Privilege Escalation

PrestaShop 1.6.1.19 sessions can be read and written by an attacker, resulting in a range of vulnerabilities including privilege escalation and remote code execution.

04 July, 2017
  • Posted By Charles Fol
  • php exploit vulnerability unserialize library gadget

PHP Generic Gadget Chains: Exploiting unserialize in unknown environments

We're introducing a new tool to generate unserialize() payloads easily from common libraries.

17 May, 2017
  • Posted By Charles Fol
  • oracle peoplesoft xxe exploit vulnerability details system shell

Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell

A few months ago, the Ambionics Security team had the chance to audit Oracle PeopleSoft solutions. PeopleSoft applications contain a lot of unauthenticated endpoints, with several poorly documented XXE vulnerabilities. We'll show how you can get a full SYSTEM shell from that.

06 April, 2017
  • Posted By Charles Fol
  • typo3 module sqli news exploit vulnerability details

TYPO3 News module SQL Injection

The Ambionics Security team discovered a pre-authentication SQL injection in the TYPO3 News module. This module is the 20th most used module of TYPO3, with almost 60,000 downloads.

08 March, 2017
  • Posted By Charles Fol
  • drupal module unserialize services exploit vulnerability details

Drupal 7.x Services module unserialize() to RCE

While working on the Drupal module Services, the Ambionics Security team discovered a critical remote code execution vulnerability.

21 February, 2017
  • Posted By Charles Fol
  • grails pdf exploit vulnerability details

Grails PDF Plugin XXE

Some time ago, the Ambionics team encountered a very old instance of Grails that contained a plugin to generate PDFs from Groovy templates. On looking up the plugin's source code, we discovered an XXE vulnerability.

20 January, 2017
  • Posted By Charles Fol
  • joomla exploit vulnerability details

CVE-2016-9838 - Joomla! Account Takeover & Remote Code Execution

As a new year begins, it is a good time to review two high-impact vulnerabilities that were discovered four years apart but are in fact rooted in the same piece of code.