Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

Via Giosuè Carducci, 21 - Pomigliano d'Arco (Italy)
Paseo Montjuic, número 30 - Barcelona (Spain)

info@hacktivesecurity.com

+39 06 8773 8747

Application Security

SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin

This is a brief story about how we found a vulnerability on a drupal plugin that, when not configured correctly, could allow an authenticated user to perform a privilege escalation attack on the Drupal platform. This plugin, as stated in the usage section of the drupal website, is used by roughly 522 websites in the […]

Application Security

CVE-2020-35749 – Authenticated Directory Traversal Simple Job Board WordPress plugin version < 2.9.3

During our research activities we discovered an authenticated local inclusion in the Simple Job Board WordPress plugin. The Simple Job Board WordPress plugin has reached over 20,000 active installations and an excellent reputation in terms of reviews, allowing the simple and efficient management of job offers.[1] Directory traversal allows an attacker to step out of […]

Application Security

Matrix Synapse 1.12.3 – SSRF and Cache poisoning

tl;dr The Matrix Synapse servers have been found affected by a security issue about the lack of a validation system for “Server-to-server” API leading to SSRF and Cache poisoning subsequently marked by the team as “feature” or “intended”.In short, a malicious user, if not specifically denied by configuration files, could effectively load malicious content using what is […]

Application Security

A true story of mobile device geolocation

TL;DR During the monthly research activity, in accordance with the relative Respnsible Disclosure program, we found and went in depth with an interesting security issue allowing geolocation of mobile devices using TIM, an Italian communication provider. A malicious user could find the TIM customers geo-position by forcing the approval mechanism to allow the geopositional tracking. By […]

Application Security

Rusty Joomla RCE

Introduction During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December 2015) that leads to Remote Code Execution.A PHP Object Injection was discovered in the wild and patched in the 3.4.5 version (CVE-2015-8562), however, this vulnerability depends also a lot on […]

Application Security

Prestashop <= 1.7.6.0 RC 1 - Insecure Direct Object Reference

During a security assessment, we found an Insecure Direct Object Reference on Prestashop. In particular, the finding could allow an attacker to leak personal information such as first name, last name, phone number, shipping and invoice address. This vulnerability affects all versions before v1.7.6.0 RC2 and was referred as BUG FIX #14444 in the Changelog. (changelog_1.7.6.0-rc2.txt) The vulnerability […]

Receive the latest news

Subscribe To Our Newsletter

Get notified about new articles