/tags/cve/ Recent content in CVE on Saksham Anand Hugo -- gohugo.io en-us Wed, 03 Nov 2021 00:00:00 +0000 /blog/cve-2021-40848/ Wed, 03 Nov 2021 00:00:00 +0000 /blog/cve-2021-40848/ Mahara is an electronic portfolio system that is used as an eLearning tool by education institutions around the globe. The software contains the ability to export records from the system into a CSV file. This blog will cover how that functionality can be abused (when inputs are not escaped correctly), to conduct local command execution (aka CSV injection). For this demonstration, two accounts will be used. The first account will be the malicious actor where CSV injection payloads are saved into editable inputs. /blog/host-header-injection-bigbluebutton/ Mon, 25 May 2020 00:00:00 +0000 /blog/host-header-injection-bigbluebutton/ Back in April, one of the systems I was testing was a video conferencing application, known as BigBlueButton, an open source challenger to Zoom. The BigBlueButton installation comes with a user friendly interface, known as Greenlight, which ties in nicely with the BigBlueButton server. While most of the corporate installations would be using LDAP authentication, at times, installation will be based on standard username and password login mechanism, which is handled by Greenlight. /blog/cve-2020-12113/ Mon, 20 Apr 2020 00:00:00 +0000 /blog/cve-2020-12113/ As part of a penetration testing project at Catalyst IT, I conducted a test on an open source video conferencing system known as the BigBlueButton, an open source challenger to Zoom. The BigBlueButton contains a closed captions module, that allows a user to manually type captions, and all users with captions enabled can see them at the bottom of the screen. While the ability to add captions is only restricted to moderator level permissions, this issue is exaggerated, as when the breakout room functionality is used, all users are granted moderator level permissions, allowing them to write captions.