About Me
YoKo has spent more than 9 years (from total of more than 12 years) in information security field, focused in risk from security testing point of...
July 25, 2014
Tagged: About Me
Search
Recent Posts
- From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration
- From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response
- From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World
- If Allah willed it, will be back soon!
- 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)
- CVE-2019–18624 – Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO)
- Race Condition that could Result to RCE – (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3)
Categories
- About Me (3)
- Achievements (2)
- Bug Report (26)
- Desktop Apps (4)
- Mobile Apps (5)
- Random Things (8)
- Terms of Use (1)
- Web Apps (17)
- Write-Up (16)
- Write-Up in Bahasa (4)
Latest Tweets
Speaking of Exchange, we took another look at Exchange CVE-2020-0688 (any user -> SYSTEM on OWA).
It's STILL 61% unpatched.
This is dangerous as hell and there is a reliable Metasploit module for it.
See the UPDATED information on the ORIGINAL blog:
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Jailbreaking iOS without a Mac (1/4): The Plan
https://medium.com/bugbountywriteup/jailbreaking-ios-without-a-mac-1-4-the-plan-b49c0edc1759
Dropbox Escalation of Privileges to SYSTEM on Windows
https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows/
Two different RCE bugs in #IBM #WebSphere are detailed by @zebasquared in his latest blog. Read the root cause and see video demos of CVE-2020-4464 and -4448 at https://bit.ly/33eQK2S