Full Disclosure mailing list archives
Re: ImpressCMS: from unauthenticated SQL injection to RCE
From: Egidio Romano <n0b0d13s () gmail com>
Date: Sat, 26 Mar 2022 02:31:15 +0100
Hello again,

Just wanted to let you know I updated the blog post with some more details: apparently, this technique could be abused to bypass WAFs such as OWASP ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out!

/EgiX

On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano <research () karmainsecurity com> wrote:

Hello list,

I'd like to share with you my latest blog post. Hope you may find this SQL injection exploitation technique interesting and potentially useful for your penetration tests. Enjoy it!

Link: http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce

Best regards,
/EgiX

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- ImpressCMS: from unauthenticated SQL injection to RCE Egidio Romano (Mar 23)
- Re: ImpressCMS: from unauthenticated SQL injection to RCE Egidio Romano (Mar 28)