Acknowledged by Apache Friends

For reporting an issue with HTTP methods, my name got published in the About section under Security.



Acknowledged by Altervista

I usually don’t write about XSS issues in websites but since this was a hard hunt I thought of writing a bit. The web application was okay with user input but I did not give up. After some time I figured out that the “target” parameter in the login form was not properly sanitized and no CSRF tokens were used in the login process. Therefore I was able to build a successful POST XSS exploit. (more…)

Bandizip Multiple Vulnerabilities

All these issues are patched in Bandizip 3.10, following responsible disclosure to the vendor.

Overview of Bandizip

Bandizip is a Lightweight, Fast and 100% free All-In-One Zip Archiver. It has a very fast Zip algorithm for compression & extraction with Fast Drag and Drop, High Speed Archiving, and Multi-core compression. It handles the most popular compression formats, including Zip, 7z, Rar, and so on.

Arbitrary DLL Injection Code Execution

Bandizip versions 3.09 and below are affected by a DLL hijacking issue in which the application loads dwmapi.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. You can clearly see dwmapi.dll being searched for by the application in the current directory as a result of loading it in an insecure manner.
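To check an application for this kind of insecure library lookup, a Process Monitor CSV export can be audited for DLL probes and loads outside trusted directories. The script below is an added example, not code from the original post; the process name `archiver.exe`, the install directory, the trusted-directory list and the sample log rows are all constructed assumptions.

```python
import csv
import io
import ntpath

# Assumption: directories a system DLL is expected to load from on a default install.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# Constructed Process Monitor CSV export (hypothetical process and paths).
SAMPLE_LOG = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","archiver.exe","4120","CreateFile","\\fileserver\share\docs\dwmapi.dll","NAME NOT FOUND","Desired Access: Read"
"10:01:02.2","archiver.exe","4120","CreateFile","C:\Windows\System32\dwmapi.dll","SUCCESS","Desired Access: Read"
"10:01:02.3","archiver.exe","4120","CreateFile","C:\Users\alice\Downloads\archive.zip","SUCCESS","Desired Access: Read"
"10:01:03.0","archiver.exe","4120","Load Image","C:\Windows\System32\dwmapi.dll","SUCCESS","Image Base: 0x7ff"
"10:01:04.0","archiver.exe","4120","Load Image","D:\extract\version.dll","SUCCESS","Image Base: 0x7fe"
'''

def is_trusted(path, app_dir):
    """True if the file sits in a system directory or the application's own directory."""
    folder = ntpath.dirname(path).lower()
    trusted = TRUSTED_DIRS + (app_dir.lower(),)
    return any(folder == t or folder.startswith(t + "\\") for t in trusted)

def find_unsafe_dll_lookups(log_text, process, app_dir):
    """Return (kind, path) for each DLL probed or loaded from an untrusted directory."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Process Name"].lower() != process.lower():
            continue
        path = row["Path"]
        if not path.lower().endswith(".dll") or is_trusted(path, app_dir):
            continue
        # A failed open means the loader searched this directory for the DLL.
        if row["Operation"] == "CreateFile" and row["Result"] == "NAME NOT FOUND":
            findings.append(("probed", path))
        # A successful image load from here means foreign code is already mapped.
        elif row["Operation"] == "Load Image":
            findings.append(("loaded", path))
    return findings

if __name__ == "__main__":
    for kind, path in find_unsafe_dll_lookups(
            SAMPLE_LOG, "archiver.exe", r"C:\Program Files\Archiver"):
        print(f"{kind:7} {path}")
```

A "probed" row for a system library such as dwmapi.dll in a document or share directory indicates the search order includes the current directory; on the development side the usual fix is to load system DLLs with `LoadLibraryEx` and `LOAD_LIBRARY_SEARCH_SYSTEM32`, or to restrict the search path with `SetDefaultDllDirectories`.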

Proof of Concept (more…)