Sicuranext Blog

Sign in Subscribe

Breaking Down Multipart Parsers: File upload validation bypass

Breaking Down Multipart Parsers: File upload validation bypass

TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass validation. We'll test various bypass techniques against PHP, Node.js, and Python parsers, as well

Hunt3r Kill3rs and the Italian Critical Infrastructure risks

Hunt3r Kill3rs and the Italian Critical Infrastructure risks

A new cyber-criminal group known as Hunt3r Kill3rs has recently emerged, claiming responsibility for a series of attacks on critical infrastructure with the final political goal of attacking Israeli companies and Israeli allies. This group has primarily focused on industrial control systems (ICS), communication networks, and vulnerable web applications. Their

Medical Devices Exposed

Medical Devices Exposed

Medical devices, ranging from pacemakers to infusion pumps, have traditionally been designed with a singular purpose: to improve patient care and outcomes. Yet, as these devices become more interconnected through the Internet of Medical Things (IoMT), the cybersecurity landscape surrounding them has grown increasingly complex. In the Healthcare landscape there

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule

TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE in a comment, product review, registration form, e-commerce order details, etc... to prevent the

ModSecurity: Path Confusion and really easy bypass on v2 and v3

ModSecurity: Path Confusion and really easy bypass on v2 and v3

TL;DR both ModSecurity v2 and v3 share a similar bug that can result in a really simple WAF bypass. The bug in the v3 branch has been fixed in version 3.0.12 and has been assigned the CVE number CVE-2024-1019. However, the bug in the v2 line remains

Emails and barcodes: a phishing story

Emails and barcodes: a phishing story

TL;DR If you open an email and see a QR code and some pressing message about something you’re supposed to do, doubt the source of the email. Microsoft won’t ask you to “verify the security of your account” via QR code. Neither will Google, nor Amazon, nor

OT Exposed Italy

OT Exposed Italy

OT (Operational Technology) consists of in a complex network of ICS (industrial control system). The ICS describes several types of control systems and associated instrumentation used for industrial process control. It includes systems like PLC (Programmable logic controller) , HMI (Human machine interface), DCS (Distributed control system) and SCADA (Supervisory Control

How attackers fingerprint your WordPress website

How attackers fingerprint your WordPress website

Attackers have quite a few sneaky ways to gather information from your WordPress website. They can get their hands on details like the WordPress version you're using, the active plugins and their versions, and even info about your active users. In this article, we'll take a

AWS WAF Bypass: invalid JSON object and unicode escape sequences

AWS WAF Bypass: invalid JSON object and unicode escape sequences

In recent times, the security community has been witnessing an increasing number of reports from researchers highlighting various bypass techniques targeting AWS Web Application Firewall¹. These bypasses have brought to light not only the absence of certain critical features but also the reliance on default configurations commonly used with both

Unleashing the Power of Data: Indexing Over 15 Million WordPress Websites with PWNPress

Unleashing the Power of Data: Indexing Over 15 Million WordPress Websites with PWNPress

We are excited to share a significant milestone achieved by PWNPress in our relentless pursuit of enhancing WordPress security. Leveraging the extensive Common Crawl dataset and pushing the boundaries of data analysis, we successfully indexed over 15 million WordPress websites. This endeavor involved parsing the entire Web Archive Text (WAT)

PWNPress: collect vulnerable WordPress websites over internet

PWNPress: collect vulnerable WordPress websites over internet

PWNPress is an innovative service that harnesses the power of data and cutting-edge technologies to identify vulnerabilities and misconfigurations in WordPress websites. Our mission is to empower website owners, developers, and security professionals with actionable insights that help fortify their WordPress installations and protect their digital assets. In today’s

Building Octofence WAAP Cache System & CDN: Lessons Learned and Best Practices

Building Octofence WAAP Cache System & CDN: Lessons Learned and Best Practices

Caching is a critical component of any modern application, enabling fast and efficient delivery of content and data to users. However, finding the right caching solution can be a challenge, particularly when existing off-the-shelf solutions don’t meet your specific needs. In this article, we’ll share our experience of

Why text/plain is evil for Web Application Firewall and Input validation

Why text/plain is evil for Web Application Firewall and Input validation

When sending an HTTP request that includes a message body, it’s essential to specify the type of the data being sent. This is because the server (or the web application) needs to know how to interpret the content of the message body to process it correctly. Moreover, a Web