Hi 👋🏼 I'm HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 36 of 86

Upgrade Self-XSS to Exploitable XSS: 3 Techniques

  • 3 min read

์˜ค๋Š˜์€ Self-XSS๋ฅผ ์œ ํšจํ•œ XSS๋กœ ์—…๊ทธ๋ ˆ์ด๋“œ ํ•˜๋Š” ๋ฐฉ๋ฒ• 3๊ฐ€์ง€์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค.

์›น ์†Œ์ผ“์˜ ์ƒˆ๋กœ์šด ๊ณต๊ฒฉ ๊ธฐ๋ฒ•! WebSocket Connection Smuggling ๐Ÿ˜ˆ

  • 3 min read

์˜ค๋Š˜์€ WebSocket Connection Smuggling์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ• ๊นŒ ํ•ฉ๋‹ˆ๋‹ค. Hacktivity 2019 ์ปจํผ๋Ÿฐ์Šค์—์„œ ๋ฐœํ‘œ๋œ ๋‚ด์šฉ์ด๊ณ , ์‹ ๊ธฐํ•œ๊ฑฐ ๊ฐ™์•„์„œ ๋ช‡๋ฒˆ ํ…Œ์ŠคํŠธํ•ด๋ณด๋‹ˆ ์‹ค์ œ ์ผ€์ด์Šค์—์„œ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋Š” ๋ฌธ์ œ๋กœ ๋ณด์ด๋„ค์š”.. (์ € ๋ฉ€๋ฆฌ ํ—๊ฐ€๋ฆฌ์—์„œ ํ•˜๋Š” ์ปจํผ๋Ÿฐ์Šค๋ผ ๊ฐ€๋ณธ์ ๋„ ์—†๊ณ ํ•œ๋ฐ, ๋ณผ๋งŒํ•œ ๋‚ด์šฉ๋“ค์ด ์ข€ ์žˆ๋„ค์š”!)

PHP7 Underflow RCE Vulnerability (CVE-2019-11043): Brief Analysis

  • 5 min read

์ผ์ฃผ์ผ์ „์— PHP FPM ์ทจ์•ฝ์  ๊ด€๋ จ ๋‚ด์šฉ ๋ฐ PoC๊ฐ€ ๊ณต๊ฐœ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. RCE๊ฐ€ ๊ฐ€๋Šฅํ•˜๊ณ , PoC๊ฐ€ ์›Œ๋‚™ ์ž˜ ๋‚˜์˜จ ์ผ€์ด์Šค๋ผ ์•„๋งˆ ๋Œ€๋‹ค์ˆ˜๊ฐ€ ๊ธด๊ธ‰์œผ๋กœ ๋Œ€์‘ํ•˜์ง€ ์•Š์•˜์„๊นŒ ์‹ถ์Šต๋‹ˆ๋‹ค.

CPDoS(Cache Poisoned Denial of Service) Attack for Korean

  • 4 min read

์ตœ๊ทผ์— CPDos์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๊ฐ€ ํ•ซํ•ฉ๋‹ˆ๋‹ค. HTTP Desync Attack ๋•Œ ์ด๋ฏธ ๊ฒฝํ—˜ํ–ˆ๋˜ ๋ถ€๋ถ„์ด์ง€๋งŒ, ์—ฌ๋Ÿฌ๋ชจ๋กœ ์ด์Šˆํ™” ๋˜๋‹ค๋ณด๋‹ˆ ์ผ์ ์œผ๋กœ๋‚˜ ๊ฐœ์ธ์ ์œผ๋กœ๋‚˜ ํ…Œ์ŠคํŠธ๋ฅผ ์ข€(๊ฐ•์ œ๋กœ..) ํ•ด๋ณด๊ฒŒ ๋˜์—ˆ๋„ค์š”.

Find Subdomain Takeover with Amass + SubJack

  • 1 min read

Subdomain takeover was once a very popular vulnerability. It's still constantly being discovered. Of course, there are so many hackers running automated code that it's hard to actually find it, but you'll find it with luck. And from the corporate security point of view, you have to check it out, so I share it.

Deploying a web application written in Golang to Heroku

  • 1 min read

์š”์ฆ˜ ๊ณต๋ถ€๋„ํ• ๊ฒธ golang ์œผ๋กœ ๋„์ ๋„์  ๋งŒ๋“ค์–ด๋ณด๊ณ  ์žˆ๋Š”๊ฒŒ ์žˆ์Šต๋‹ˆ๋‹ค. ๊ทธ ์ค‘ ์ผ๋ถ€๋Š” ์›น ํ™˜๊ฒฝ์œผ๋กœ ๊ตฌ์„ฑํ•˜๊ณ  heroku์— ๋„์šธ ์ƒ๊ฐ์ธ๋ฐ, ๋ฃจ๋น„์ฒ˜๋Ÿผ ์‚ฌ์ „์— ์„ธํŒ…์ด ํ•„์š”ํ•œ ๋ถ€๋ถ„๋“ค์ด ์žˆ์–ด์„œ ๋‚ด์šฉ ์ •๋ฆฌํ•ด๋‘ก๋‹ˆ๋‹ค.

Cracking the secret key with jwt-cracker

  • ~1 min read

A JWT appends a signature over its contents, so tampering can be detected. Occasionally, when the secret is set to something simple, the secret can be recovered and a forged JWT created; if that token is used for authentication or its data is read in important logic, this becomes a serious security risk.

Bypass referer check logic for CSRF

  • 2 min read

The Referer header check is probably the most frequently used CSRF countermeasure. It's easier to implement and has fewer performance issues than the token approach, so it's the preferred approach, and that's where some risk of bypass lies.

New Technique of HTTP Desync Attack

  • ~1 min read

After the HTTP Desync Attack announcement, bug bounty hunters and corporate security personnel seem to be very busy. Albino recently announced that he would be writing additional articles, and new posts were published on the PortSwigger blog.
