👋🏼 introduction:This is a short write-up of how I progressed from discovering a Jenkins instance to getting shells on 8 Adobe Experience Manager servers and gaining edit access to a company's main sites. Along with this blog-post, I'm releasing a tool called jenkinz. Note: as this was a finding in…
Corben Leo
👋🏼 introduction:Recently I came across an Atlassian Crowd application while I was doing recon. If you're not familiar with Crowd, it is a centralized identity management application that allows companies to "Manage users from multiple directories - Active Directory, LDAP, OpenLDAP or Microsoft Azu…
Corben Leo
PHP Code Injection in X Cart PHP Code Injection in X-Cart.pdf 482 KB .a{fil…
Corben Leo
I was pentesting AT&T to see if I could find a vulnerability (as one does), around 4-5 days after CVE-2017-5638 was released. Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 are vulnerable to Server-Side Template Injection, which allows attackers to execute commands on any vulne…
Corben Leo
So you’ve found a page that’s vulnerable to Local File Inclusion: You do some testing to leverage this vulnerability to RCE, but nothing's working. Null bytes don't work, /proc/self/environ doesn't work, and wrappers that lead to RCE such as data:// or php://input do not work either. Don't give up…
Corben Leo