LEGAL HACKERS

Dawid Golunski

Information Security.

Security Research.

Legal/ethical Hacking.

Penetration Testing.

Contact

e-mail  >

twitter > @dawid_golunski

Security advisories

Some of the released advisories can be found below:


  1. Git-LFS <= 2.12 Remote Code Execution (RCE) Vulnerability CVE-2020-27955
  2. Wordpress 4.6 - Unauthenticated RCE Exploit (Remote Code Execution)
  3. SquirrelMail <= 1.4.22 / 1.4.23 Remote Code Execution (CVE-2017-7692)
  4. Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034)
  5. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)
  6. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) (0day Patch Bypass/Exploit)
  7. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)
  8. Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
  9. Nagios Core < 4.2.2 Curl Command Injection / Code Execution (CVE-2016-9565 / CVE-2008-4796)
  10. Wget < 1.18 Access List Bypass / Race Condition (CVE-2016-7098)
  11. Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation (CVE-2016-1247)
  12. MySQL / MariaDB / Percona - Privilege Esc. / Race Condition (CVE-2016-6663 / CVE-2016-5616)
  13. MySQL / MariaDB / Percona - Root Privilege Escalation (CVE-2016-6664 / CVE-2016-5617)
  14. Apache Tomcat (RedHat-based distros) - Root Privilege Escalation (CVE-2016-5425)
  15. Apache Tomcat (Debian-based distros) <= 6/7/8 Root Privilege Escalation (CVE-2016-1240)
  16. MySQL / MariaDB / Percona - Remote Root Code Execution / Privilege Esc. (0day) (CVE-2016-6662)
  17. Adobe ColdFusion <= 11 XML External Entity (XXE) Injection (CVE-2016-4264)
  18. vBulletin <= 5.2.2 Preauth Server Side Request Forgery (SSRF) (CVE-2016-6483)
  19. Wget < 1.18 Arbitrary File Upload / Remote Code Execution (CVE-2016-4971)
  20. CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability
  21. Exim <= 4.86.2 Local Root Privilege Escalation
  22. Google AdWords API PHP client library <= 6.2.0 PHP Code Execution
  23. Google AdWords API client libraries - XML eXternal Entity Injection (XXE)
  24. eBay Magento <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
  25. eBay Magento <= 1.9.2.1 Unrestricted Cron Script (Potential Code Execution / DoS)
  26. Kirby CMS <= 2.1.0 Authentication Bypass via Path Traversal
  27. Kirby CMS <= 2.1.0 CSRF Content Upload and PHP Script Execution
  28. Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM
  29. Nagios - Nagios Plugins - check_dhcp <= 2.0.2 Race Condition
  30. Nagios - Nagios Plugins - check_dhcp <= 2.0.1 Arbitrary Option File Read
  31. Nagios - NRPE - Nagios Remote Plugin Executor <= 2.15 Remote Command Execution
  32. Zabbix <= 1.8.1 SQL Injection
  33. Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection
  34. WordPress <= 2.8.5 Unrestricted File Upload Arbitrary PHP Code Execution


PGP key


PoC Videos

  1. SquirrelMail < 1.4.23 Remote Code Execution (CVE-2017-7692)
  2. PHPMailer / SwiftMailer / Zend-mail - Remote Code Execution
    (CVE-2016-10033 / CVE-2016-10045 / CVE-2016-10074 / CVE-2016-10034)
  3. Nagios Core < 4.2.4 Root Privilege Escalation (CVE-2016-9566)
  4. Nagios Core < 4.2.2 Curl Command Injection / Remote Code Execution (CVE-2016-9565)
  5. MySQL / MariaDB / Percona - Race Cond. & Root Privilege Esc. (CVE-2016-6663 & CVE-2016-6664)
  6. Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation (CVE-2016-1247)
  7. Apache Tomcat (Debian-based distros) <= 6/7/8 Root Privilege Escalation (CVE-2016-1240)
  8. Adobe ColdFusion <= 11 XML External Entity (XXE) Injection Exploit (CVE-2016-4264)