Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ImpressCMS: from unauthenticated SQL injection to RCE

From: Egidio Romano <n0b0d13s () gmail com>
Date: Sat, 26 Mar 2022 02:31:15 +0100
Hello again,

Just wanted to let you know I updated the blog post with some more details:
apparently, this technique could be abused to bypass WAFs such as OWASP
ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out!

/EgiX

On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano <research () karmainsecurity com>
wrote:


Hello list,

I'd like to share with you my latest blog post. Hope you may find this
SQL injection exploitation technique interesting and potentially useful
for your penetration tests. Enjoy it!

Link:
http://karmainsecurity.com/impresscms-from-unauthenticated-sqli-to-rce

Best regards,
/EgiX
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: