Recent Posts

04 July, 2017
  • Posted By Charles Fol
  • php exploit vulnerability unserialize library gadget

PHP Generic Gadget Chains: Exploiting unserialize in unknown environments

We're introducing a new tool to generate unserialize() payloads easily from common libraries.

17 May, 2017
  • Posted By Charles Fol
  • oracle peoplesoft xxe exploit vulnerability details system shell

Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell

A few months ago, the Ambionics Security team had the chance to audit Oracle PeopleSoft solutions. PeopleSoft applications contain a lot of unauthenticated endpoints with several poorly documented XXE vulnerabilities. We'll show how you can get a full SYSTEM shell from that.

06 April, 2017
  • Posted By Charles Fol
  • typo3 module sqli news exploit vulnerability details

TYPO3 News module SQL Injection

The Ambionics Security team discovered a pre-authentication SQL injection in the TYPO3 News module. This module is the 20th most used module of TYPO3, with almost 60,000 downloads.

08 March, 2017
  • Posted By Charles Fol
  • drupal module unserialize services exploit vulnerability details

Drupal 7.x Services module unserialize() to RCE

While working on the Drupal module Services, the Ambionics Security team discovered a critical remote code execution vulnerability.

21 February, 2017
  • Posted By Charles Fol
  • grails pdf exploit vulnerability details

Grails PDF Plugin XXE

Some time ago, the Ambionics team encountered a very old instance of Grails which contained a plugin to generate PDFs from Groovy templates. Upon looking for the plugin's source code, we discovered an XXE vulnerability.

20 January, 2017
  • Posted By Charles Fol
  • joomla exploit vulnerability details

CVE-2016-9838 - Joomla! Account Takeover & Remote Code Execution

As a new year comes, it is a good time to review two high-impact vulnerabilities that were discovered four years apart, but that are in fact rooted in the same piece of code.