Friday, January 27, 2023

No Result

View All Result

Home
Exploits
Secure Web Gateway 10.2.11 Cross Site Scripting

Inout Jobs Portal 2.2.2 Cross Site Scripting

Inout Jobs Portal 2.2.2 SQL Injection

Inout Music 5.1.1 SQL Injection

Cacti 1.2.22 Command injection

Inout Search Engine 10.1.3 Cross Site scripting

Inout Homestay 2.2 SQL Injection

Active eCommerce CMS 6.5.0 Cross Site Scripting

ERPGo SaaS 3.9 CSV Injection
Trending Tags
Hacking News

TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

Multiple Vulnerabilities Found In Samsung Galaxy App Store App

Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

Brave Browser turns your device into a proxy for others via “Snowflake” Feature

This tool, “telerwaf”, protects go apps from web-based attacks

Microsoft Patch Tuesday, January 20,23 with 98 Bug Fixes

Multiple bug fixes released by Qualcomm and Lenovo

Fortinet Patched Multiple Vulnerabilities In FortiADC And FortiTester
Hacking Tools
Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

Here are some tips for students to help protect their data privacy

Client-Side Exploitation [FREE COURSE VIDEO]

What Common Security Problems Are Cloud-Based Networks?

Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

OSINT Fundamentals [FREE COURSE CONTENT]

Monitor Docker containers metrics and other events

Management of vulnerability with Wazuh Open Source XDR

Seven Tips for Building a Banking App That is User-Friendly
Trending Tags
Hacking Tutorials

Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

Here are some tips for students to help protect their data privacy

Client-Side Exploitation [FREE COURSE VIDEO]

What Common Security Problems Are Cloud-Based Networks?

Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

OSINT Fundamentals [FREE COURSE CONTENT]

Monitor Docker containers metrics and other events

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

Management of vulnerability with Wazuh Open Source XDR
Kali Linux
The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

AzureHound : Azure Data Exporter For BloodHound

Xerror is an automated penetration testing tool with GUI

Mongoaudit is an audit and pentesting tool for MongoDB databases

ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

Azure Sentinel protects Kubernetes deployments

Reconator Automated Recon For Pentesting and Bug Bounty

Kali Linux (is!) Everywhere
Trending Tags
Security

New Python Malware Targeting Windows Devices

Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

U.S. Sues Google for Dominance Over Digital Advertising Technologies

New Wave of Cyberattacks Targeting MS Exchange Servers

GoTo’s LastPass Breach: Encrypted Customer Data Taken

Top FinTech API Security Challenges

Micorosft down – Xbox Azure, MS365, and MS Teams

Wireshark 4.0.3 is now available – What’s new?
Advertise

No Result

View All Result

SS7 SMS Intercept

SS7 SMS Intercept

SS7 SMS Intercept

Home Exploits

Drupal H5P Module 2.0.0 Zip Slip Traversal

by Ineedhack

December 5, 2022

in Exploits

79

SHARES

493

VIEWS

Share on Facebook Share on Twitter

Kripkey Spy Phone

Kripkey Spy Phone

Kripkey Spy Phone

——————————————————————
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability

——————————————————————

[-] Software link:

https://www.drupal.org/project/h5p

[-] Versions Affected:

Version 2.0.0-alpha2 or earlier versions

Version 7.x-1.50 or earlier versions

[-] Vulnerability Description

The vulnerability is located within the H5PValidator::isValidPackage()

method. To skip files or to perform the next check,

Folder starting with an underscore or dot within the uploaded H5P

archive:

891. $fileName = $zip->statIndex($i)[‘name’];

892.

893. if (preg_match(‘/(^[._]|/[._])/’, $fileName) !== 0) {

894. Continue; // Do not open any files or folders that start with an. or _

894. }

The regex should suffice to stop path traversal attacks.

zipped filenames (Zip Slip Attacks), as it verifies for the

String “/.” in the filename to prevent directory traversal

attacks. Drupal running on an unprotected host is vulnerable.

Windows Server, as in this instance the attacker could provide a

Malicious h5p archives containing filenames with path traversal

Sequences such as “……”, would be able to bypass the regex checks.

You can use this to overwrite or write semi-arbitrary files.

The file system is accessed via directory traversal sequences. This could lead to

To Stored Cross-Site Scripting, (XSS), and other types of attacks.

[-] Solution:

Currently, there is no official solution.

Disclosure Timeline

[22/11/2021] – Vendor notified

[28/02/2022]- Vendor suggested a patch

28/02/2022 – Vendor was notified of the ineffective patch.

Fix suggestion

[01/03/2022] — Vendor repaired the prior patch

[30/03/2022]- A question update on the public disclosure of and publication of a

patch, no response

22/11/2022 – Official solution still not available after one year

[03/12/2022] Public Disclosure

[-] CVE Refer:

Common Vulnerabilities and Exposures Project (cve.mitre.org).

This vulnerability has been identified by CVE but no CVE ID.

[-] Credits:

Egidio Romano discovered vulnerability.

[-] Additional References

https://security.drupal.org/node/175968

[-] Original Advice:

http://karmainsecurity.com/KIS-2022-06

Tags: hack news hacking software hacking tips hacking tools hacking tutorials instagram hack jpg exploit sms exploit

Ineedhack

Next Post

Information about Israeli employees from 29 logistics firms sold online

No Result

View All Result