Viktor Markopoulos

Mar
06

Remote Stealth Brute-force of Oracle Database Passwords

During an internal penetration test we discovered an Oracle database of version 11g Release 2 in the client’s network.
8 min read
Nov
29

Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files

Broadcom offers a number of products and networking solutions such as switches, extensions etc. These products come with their own
1 min read
May
19

Gaining access through error-based SQLi using WebSockets

Introduction In the previous Pwning the portal blog post, we extracted the source code of a corporate login portal through
4 min read
Jan
12

Pwning the portal: from database dump to session hijacking

Introduction I find that doing bug hunting and responsible disclosure is a nice practical way to “learn by doing” for
5 min read
Oct
15

Misusing BeyondTrust Remote Support Leads To Data Exposure

BeyondTrust (former Bomgar) is a security firm, offering access management solutions to a large number of companies, “including half of
4 min read
Sep
08

Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]

AcyMailing [https://www.acymailing.com/] is a newsletter subscription WordPress plugin with more than 30.000 total downloads and more
4 min read
Aug
17

Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]

SP Project & Document Manager [https://wordpress.org/plugins/sp-client-document-manager/] is a WordPress plugin developed by Smarty Pants, with over 301.
4 min read