Youssef Badaoui
Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution
This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.
Wed 16 October 2024
Advanced Techniques for Bypassing 4xx Errors
Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.
Mon 05 August 2024
CVE-2024-5315 Dolibarr SQL Injection Investigation
CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.
Sun 14 July 2024