Apollo REST Data Source is used for fetching data from a REST API and exposing it via GraphQL within Apollo Server. This feature can be used to get access to the internal services. This issue is very easy to miss during code review as it is required deep knowledge of browser behaviour.
Stateless authentication and authorization with “signed web tokens” is a real gold mine to security researcher. They are hard to implement securely, and have several very easy to find and critical impact vulnerabilities (hardcoded secrets, weak signing keys, several types of algorithm confusion, etc). Today I will talk about the number of public CVEs I started with, how you can find same critical issues in a bunch of other products.
The recent rise of Apache Airflow CVE-2020-17526 vulnerabilities bring my attention to the flask session signing algorythm. My search of common flask’s default secrets at GitHub broght me to one interesting library Flask_Session. Flask-Session is an extension for Flask that adds support for Server-side Session to the application. It allows you to use Redis, Memcached key-value store as a session backend. By default python pickle library used for data serialization. Which reminded me of an interesting research.
Hard-coded credentials typically create a significant hole that allows an attacker to bypass the authentication that has been configured by the software administrator. Unfortunately this vulnerability might be difficult for the developers to detect. I’ll talk about the common misconfigurations at Flask powered applications and how malicious user can exploit vulnerability and how this risk can be mitigated.
A couple of months ago I was performing retest of an interesting Server Side Request Forgery (SSRF) vulnerability at debug GET parameter. Developers disabled it on load balancer and I decided to perform some fuzzing with awesome Burp Suite plugin param-miner. There was no way to exploit SSRF but interesting parameter action was discovered. Future investigation show that it is default behavior of Craft CMS. Fast search by public CVE retured promising vulnerability CVE-2018-14716. You can find information about issue and way to exploit it at blog post 0xB455. When you will finish reading article return and we find way to bypass fix and execute code at vulnerable system.
Common feature for modern web applications to save and process user files. It can be a avatar generation, file thumbnails, reports or screenshot generation. Open source data processing libraries are usually used for such purposes. There are number of known vulnerabilities at those libraries that can be used to get access to the sensitive informtation. At this article I’ll show you how to get access to arbitrary file on vulnerable system and lure process memory into your open arms.
Common feature for modern web applications to save and process user files. It can be a avatar generation, file thumbnails, reports or screenshot generation. Open source data processing libraries are usually used for such purposes. There are number of known vulnerabilities at those libraries that can be used to get access to the sensitive informtation. This article is mainly about a brief security review on Data processing libraries in last years.