Posts

Showing posts from 2020

Win10 WIFI keeps on disconnecting

Dear Reader,

For the last two days I was extremely annoyed by Windows 10 and my Lenovo L490. The issue was that my WIFI started disconnecting every few minutes, or sometimes after an hour. I have tried every method that was suggested over the internet; below are the methods I have performed.

1. Uninstalling the WIFI driver from Device Manager and restarting the system. The driver got installed automatically after restart, but it solved the issue only temporarily and the WIFI started disconnecting after an hour.
2. My laptop was connected to 5GHz WIFI, so I tried connecting to 2.4GHz. Still the same issue.
3. Downloading a new WIFI driver from the Lenovo website and installing it. Still the same issue.
4. Turning off the option "Allow computer to turn off this device for power saving"; details on how to turn it off are mentioned below.
5. Resetting the netsh winsock by entering the below two commands in CMD (Run As Administrator), but same issue.
   -> netsh winsock reset
   -> netsh int ip reset
6. Performin

NetSkope Unauthenticated CSV Injection in Admin UI (CVE-2020-28845)

This post is related to CSV injection in the Netskope Admin UI (Version 75.0), where an unauthenticated user can inject a malicious payload into the audit logs of the admin portal; once the admin extracts and opens the report, the malicious payload will be executed.

CVE ID: CVE-2020-28845

Test case: The audit logs consist of login attempts, which include the username. For the test case I injected a non-malicious payload in the username field; this payload was reflected in the audit logs and was executed once we downloaded and opened the report.

Exploitation: In the below screenshot you can see a sample CSV injection payload and a dummy password. To verify whether our payload is reflected in the audit logs of the admin portal, we logged in as an admin, and in the below screenshot our payload can be seen.

The Netskope admin extracted and downloaded the report.

The admin opens the downloaded report and our payload gets executed.

This vulnerability has been fixed now in the latest version of NetSkope and CVE ID : CVE-2020-28845 ha

Ericsson BSCS iX R18 Billing & Rating (ADMX, MX) - Stored XSS (CVE-2020-29144, CVE-2020-29145)

Dear Reader,

I was able to identify stored XSS in multiple web-based modules of the Ericsson BSCS iX R18 Billing & Rating platform. Below are its details:

# Software description:
Ericsson Billing is a convergent billing solution for telecoms that combines an unrivaled combination of out-of-the-box features and high configurability. As an evolution of the widely-installed Ericsson BSCS iX, Ericsson Billing provides a low-risk but effective route to capture and secure revenue streams and take advantage of business opportunities from both traditional telecom services as well as digital services, 5G and IoT.

# Technical Details & Impact:
There are multiple web-based modules in BSCS iX, e.g. ADMX, MX (monitoring center), CX etc. It was observed that ADMX and MX are vulnerable to stored XSS. In most test cases session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admin's browsers using beef

CSV Injection in Kibana 6.6.1 Up to Latest Version 7.5.2

Dear reader,

A few days ago I was testing Kibana in my organization, which is using Kibana version 6.6.1. While testing I was able to find a CSV injection in the dashboard tab. There was no CVE or any other information about this specific vulnerability, so I have reported this issue to Kibana, which will be fixed soon as a security hardening feature. Let's start with the POC of this vulnerability.

Below are the steps to reproduce.

1. A large number of the Kibana portals on the internet are open, have no authentication, and can be exploited by this injection.
2. Click on the Dashboard tab and select any dashboard from the list. I would suggest selecting a dashboard which has the gauge visualization type, as shown in the below screenshot.
3. Once you are on the dashboard, click on the Edit button on the top right.
4. Click the gear (options) button of any graphical view box.
5. It will open an options box; click on edit visualization.
6. It will open the