Writing data to the output buffer before deciding that the response to the current HTTP request should actually be a redirect (for example when an unauthenticated user is not allowed to access some content) is an issue not exclusive to PHP but a relatively easy mistake to make in this environment. After not having been exposed to PHP in quite a while I recently did a security assessment of a PHP application again. During the test this exact issue popped up again, so I want to give a short description on how and why this can lead to information leaks. ...

A couple of months ago I looked more deeply into the “Import Records” functionality in FileMaker, especially the XML parsing, and was wondering if any XXE vulnerability may exist and how one could exploit this in technically interesting ways. The vulnerability is/was indeed there and can lead to local file disclosure and server side request forgery in various components of the FileMaker platform. The following is a description of the vulnerability including potential exploitation paths. ...

I was working with a fairly simple Dockerfile, defining an entrypoint and always got a “not found” error when trying to run the container. My Dockerfile looked something like this: FROM python:3.9-alpine [...] WORKDIR /app COPY . /app RUN ["chmod", "+x", "./entrypoint.sh"] ENTRYPOINT ['./entrypoint.sh'] Building the image worked without issues, but running the container was giving me the mentioned error: $ docker build -t what/ever:latest [...] $ docker run --rm what/ever:latest /bin/sh: [./entrypoint.sh]: not found I made sure that my entrypoint.sh file actually existed by overriding the entrypoint and inspecting the container: ...

A couple of days ago I took the exam for the CRTP (Certified Red Team Professional) certification by Pentester Academy. In this review I want to give a quick overview of the course contents, the labs and the exam. Course Contents Attacking and Defending Active Directory is the accompanying course for the CRTP certification and it covers – as the name suggests – various common attack vectors and persistence techniques in Windows AD networks. The course also gives an overview of the defensive measures you can take – from more high-level explanations of privilege separation models to deploying decoy objects in the environment for deception. ...

This is a write-up of today’s retired Hack The Box machine Buff. Buff was a fun 20 point box that included exploitation of a known vulnerability in a gym management web app and a classic buffer overflow for getting an administrator shell. In my opinion doing this machine can also serve as a good practice if you plan on doing something like the OSCP or eCPPT certification and still need practice targets for the binary exploitation / buffer overflow part. ...