Olivia
Online
Kai Ullrich
@kaidentity
Joined January 2013
25 Following
80 Followers
14 Posts
How the search for deser bugs in #SAP sent @kaidentity down a rabbit hole where he winded up stumbling upon a completely unrelated unauth'ed admin access #CVE-2021-21481 https://t.co/Pk6F4lnpcA
Unauth'd admin access to #SAP #Netweaver? Our very own @kaidentity has you covered, see #CVE-2021-21481 and SAP Security Note 3022422. Better patch than sorry. Our customers got their heads-up already and we'll publish a detailed blog post when appropriate.
@TwitterSupport I truly cannot fathom why this access would ever even exist. This is like an employee having access to unencrypted credit card or bank account numbers. Companies know not to do this. How did Twitter not know this was unacceptably risky??
@timstrazz @CVEnew @4Dgifts @typo3 Maybe this helps: https://t.co/ujLVG2WD1y
Or read some documentation about the Extbase framework. Without basic TYPO3 architecture knowledge you probably can't understand.
@timstrazz @CVEnew @4Dgifts @typo3 An extension might want to make its controller actions accessible to anonymous callers, like some kind of API. The problem here was that you could make the extension call every controller action of every extension in the system. Now it's been restricted to its own controllers.
@timstrazz @CVEnew @4Dgifts @typo3 The fix makes sure you can only call actions of controllers from the very same extension (and I think there is only one controller). In order to exploit this, you need be able to call controller actions from core extensions. Setting $vendorName=SRBR prevents this.
TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)
https://t.co/1J57DwjOjD
It is always good to take a 2nd look at existing vulns. So @mwulftange found a new rock-solid exploitation technique for the Telerik UI framework (hint: affects an Avast product ;) Enjoy: https://t.co/eNThRTpoCT #CVE-2017-11317
Write-ups on three recent WebLogic #javadeser RCEs (translated from chinese):
https://t.co/bj9sMw8Iyc
https://t.co/EDYpZh09sm
We have published the RichFaces vulnerability details on the @codewhitesec blog at https://t.co/nhicitJFcU
Interested in Advanced Java Exploitation? Check out our new blog post about exploiting Adobe ColdFusion https://t.co/P4CeL7HU0n
Check out my post about handcrafted gadgets and a groovy 2.4.5 gadget https://t.co/uP7fVyYqVz
Last Seen Users on Sotwe
İstanbul yarak Sik
Seen from Turkey
قمر صنعاء
Seen from Germany
Diana y Luna 🇵🇪
Seen from Mexico
RadioBisbeSivilla
Seen from Italy
魂隐
Seen from United States
เล่ห์(ลุง) หลง(ลุง) เสน่ห์(ลุง...ลุง)😍
Seen from Thailand
cappakkopi
Seen from Indonesia
aşk adamı
Seen from Turkey
ı'ɱ ʂཞ...👑
Seen from Thailand
Khang Nguyễn
Seen from Vietnam
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers