#moresecurity

2025-07-02

Unauthenticated RCE in Agorum Core Open!

During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.

They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.

📰👉 Detailed information on the published #SecurityAdvisories can be found here: usd.de/en/security-advisories-

#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec

2025-06-17

🔍 Our professionals at the usd HeroLab have closely examined the software #Vtiger. They discovered two vulnerabilities that allow low-privileged authorized users to upload files and thereby execute arbitrary code.

👉 You can find more information in the full security advisories: usd.de/en/security-advisories-

#SecurityAdvisories #Pentest #Pentesting #moresecurity

2025-03-07

With the help of this utility we were able to identify all potentially interesting files and download those first to increase efficiency in our analysis. It's now also available on our company GitHub organization: github.com/usdAG/webtree.

🔔 Follow us for #moresecurity
🔁 Also, boost the first toot to spread the word!

2025-02-28

As we highly support open source and the idea behind it, we'll investigate how to use this tool and ways to contribute to it in the future. Stay tuned for updates.

🔔 Follow us for #moresecurity
🔁 Also, boost the first toot to spread the word!

2024-11-13

Proud of our colleagues Tobias and Nicolas who spoke at the German #OWASP Day!
chaos.social/@c3voc_releases/1

#SAP #InfoSec #CyberSecurity #Pentesting #MoreSecurity

2024-05-22

Version 1.3.1 of the #CSTC was released on May 22! It contains lots of new features, improvements and contributions from the community. The CSTC will also be part of the BlackHat USA 2024 Arsenal Labs, looking forward to seeing you! #BHUSA #usdHeroLab #moresecurity github.com/usdAG/cstc

2024-03-12

#Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: github.com/usdAG/FlowMate/rele

During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: youtube.com/watch?v=BJhRhGmDAT

#CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity

2023-12-13

Our #usdHeroLab #Pentest professionals analyzed #IBMQRadarSIEM during their pentests.
1⃣Vulnerability Type: Cross-site Scripting #CWE79
🚨Security Risk: Medium
🔎CVE number: CVE-2023-43057
👇More Details

🧐IBM QRadar SIEM is a security information and event management platform developed by IBM that provides advanced threat detection for its users. The vulnerability can be used to perform actions on behalf of other users.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

herolab.usd.de/en/security-adv

2023-11-21

Ever wondered how attackers can break out of the #Citrix encapsulation and infiltrate the underlying system? It becomes a critical issue when IT environments lack proper virtualization readiness. Addressing these attack vectors requires a special approach. Dive into our latest #LabNews blog post to get insights into what to look out for during your #PenetrationTest of virtualized applications 👨‍💻👩‍💻👇
herolab.usd.de/en/pentest-virt

#moresecurity #usdHeroLab #CitrixBreakOut #CitrixSecurity

2023-11-15

Our #usdHeroLab #Pentest professionals analyzed #GibbonEdu during their pentests.
1⃣Vulnerability Type: Arbitrary File Write #CWE434
🚨 Security Risk: Critical
🔎CVE number: CVE-2023-45878
🧵👇 More Details

🧐 Gibbon Edu is an #opensource educational software designed for #schools and #institutions to manage their administrative and academic processes. It offers a range of features to facilitate communication, collaboration, and organization within the educational community.

The identified vulnerability allowed unauthenticated attackers to upload arbitrary files to the application and receive code execution on the underlying system. To receive #RCE, an attacker must craft a fake image which can be stored as a PHP file.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 🧑‍💻👩‍💻👇
herolab.usd.de/security-adviso

2023-11-08

The #usdHeroLab analysts examined #ThingsBoard while conducting their #pentests.
1⃣Vulnerability Type: Server-Side Template Injection
🚨Security Risk: High
🧵👇 More Details

🧐ThingsBoard is an open-source IoT platform for data collection, processing, visualization, and device management.

During an assessment, a Server-Side Template Injection (SSTI) vulnerability was discovered. It enables attackers to dynamically create and modify templates that are used for automated generation of mail content, which results in the execution of arbitrary system commands.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇

herolab.usd.de/en/security-adv

2023-10-24

The #usdHeroLab analysts examined the Content Management System #Contao while conducting their #pentests.
1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
🚨 Security Risk: Medium
👇More details

🧐Contao is an open source Content Management System that allows you to create professional websites and scalable web applications.

The vulnerability enabled attackers with a low-privileged role to use a modified HTTP request to create an article with a JavaScript payload of their choice, which was client-triggered on the frontend and backend. For example, such an attack could upgrade a low-privileged account to an administrator account.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇

herolab.usd.de/en/security-adv

2023-10-19

The #usdHeroLab analysts examined the #SAP HTTP Content Server while conducting their #pentests.
1⃣Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax #CWE644 #CVE202326457
🚨 Security Risk: High
👇🧵 More details

The SAP HTTP Content Server returns error messages in the header x-errordescription of the #HTTP Response. When invalid input is provided in an HTTP request, it is also placed in the error message inside this header.

During this process the input is URL-decoded, so, for example, %41 is translated to A and %0a is translated to a newline. This enables an #attacker to add new headers and change the content of the response.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻​👨‍💻​👇​
herolab.usd.de/security-adviso
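To illustrate the pattern the post describes, here is a small added example (not code from the advisory or from SAP): an error header is built from URL-decoded input, and a hardened variant refuses control characters so a decoded %0a can never start a new header line. The sample input and the header name handling are constructed for this illustration.

```python
from urllib.parse import unquote

# Constructed sample input for the illustration: an invalid value that
# carries percent-encoded CR/LF followed by a second header line.
SAMPLE_INPUT = "doc%0d%0aX-Injected:%20yes%0d%0a"


def build_error_header_unsafe(user_input: str) -> str:
    """Mirror the flawed pattern: decode the raw value and place it into the
    header unchanged, so %0a becomes a real newline inside the header block."""
    decoded = unquote(user_input)
    return "x-errordescription: invalid input: " + decoded


def is_single_line_value(value: str) -> bool:
    """An HTTP field value must be one line: no CR, LF or other ASCII
    control characters (RFC 7230 field-value). Use this as the check."""
    return all(ch >= " " and ch != "\x7f" for ch in value)


def build_error_header_safe(user_input: str) -> str:
    """Hardened variant: decode first, then strip every control character
    before the value reaches the header line. Rejecting the request with
    a generic error is an equally valid choice."""
    decoded = unquote(user_input)
    if not is_single_line_value(decoded):
        decoded = "".join(ch for ch in decoded if ch >= " " and ch != "\x7f")
    return "x-errordescription: invalid input: " + decoded


def header_lines(raw_header_block: str) -> list:
    """Split a header block the way a line-oriented HTTP parser would,
    so the number of resulting lines shows whether a header was injected."""
    normalized = raw_header_block.replace("\r\n", "\n")
    return [line for line in normalized.split("\n") if line]


if __name__ == "__main__":
    print(header_lines(build_error_header_unsafe(SAMPLE_INPUT)))  # two lines
    print(header_lines(build_error_header_safe(SAMPLE_INPUT)))    # one line
```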

2023-10-10

The #usdHeroLab analysts examined the #SAP Partner Portal while conducting their #pentests.
1⃣ Vulnerability Type: Improper Neutralization of Input During Web Page Generation #CWE79 #CrossSiteScripting
🚨 Security Risk: High
👇🧵 More details

In cases where users do not have sufficient permissions to view a specific URL within the #SAP Partner Portal, they get redirected to an error page. During this redirection, the requested URL is passed to the error message as a parameter without any filtering or encoding.
Therefore, it is possible to include HTML tags and JavaScript in the URL, making it possible for malicious actors to launch #XSS attacks.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇​
herolab.usd.de/security-adviso

2023-09-22

The #usdHeroLab analysts examined the #opensource software #TineGroupware while conducting their #pentest.
1⃣ Vulnerability Type: #SQL Injection (CWE-89)
🚨 Security Risk: Critical
👇🧵 More details

#TineGroupware is an #opensource software that provides a suite of collaborative tools and applications for communication and project management within a business or organization.

🧐 During the research on open source software, our #PentestProfessionals discovered that the sort parameter of the /index.php endpoint is vulnerable to SQL injection.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇
herolab.usd.de/security-adviso

2023-09-01

In 11 days, the first #MCTTP - MUNICH CYBER TACTICS, TECHNIQUES AND PROCEDURES will take place, a conference for security professionals and #CISOs that aims to create future-proof #CyberSecurity in companies. Our colleagues Nicolas Schickert and Tobias Hamann from the #usdHeroLab will share their experiences about #SAP pentests there, as the SAP system landscape is the heart of many companies.

#moresecurity

usd.de/en/presentation-mcttp-s

2023-08-30

7 days. 3 security analysts. 2 conferences. 4 presentations. 3 tools. An exciting week at #BlackHat and @defcon lies behind our #usdHeroLab colleagues Florian, Nicolas and Matthias. Back in Neu-Isenburg, they share their experiences and highlights.

#tool #FlowMate #sncscan #CSTC #moresecurity

usd.de/en/retro-of-black-hat-a

2023-08-24

Understanding a Hacker's Mind: who doesn't wish for it? Our usd AG Advanced Seminar makes it possible. Only if you know and understand the relevant #threats in IT environments can you take effective countermeasures. Experienced security analysts from the #usdHeroLab will use theory and a lot of practice to show you the intentions and methods of a #hacker and how to protect your #systems in the best possible way.

Due to the great interest in the 1st half of the year, we are offering another date for the two-day attendance seminar in September.
👉​usd.de/cst-academy/events/usd-

#UnderstandingAHackersMind #CSTAcademy #moresecurity

2023-08-16

The #usdHeroLab analysts examined the centralized management tool #WindowsAdminCenter while conducting their security analyses.
1⃣ Vulnerability Type: Cross-Site Scripting (CWE-79)
🚨 Security Risk: High
👇 More details

🧐Windows Admin Center is a centralized management tool developed by Microsoft for IT administrators to manage and monitor Windows Server and Windows 10 systems.

The vulnerability enables an attacker to persist JavaScript code in the application. The vulnerability can be used to perform actions on other users' behalf.

The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻🧑‍💻 👇
herolab.usd.de/en/security-adv
