Tag Archives: Chromium

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches

1 Reply

Microsoft Patch Tuesday May 2022: Edge RCE, PetitPotam LSA Spoofing, bad patches. Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2022. Sorry for the delay, this month has been quite intense. As usual, I’m using my Vulristics project and going through not only the vulnerabilities that were presented on May 10th, but all the MS vulnerabilities presented by Microsoft since the previous Patch Tuesday, April 12th.

Alternative video link (for Russia): https://vk.com/video-149273431_456239089

I have set direct links in comments_links.txt for Qualys, ZDI and Kaspersky blog posts.

Continue reading

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

Leave a reply

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus. Hello everyone! This time, let’s talk about recent vulnerabilities. I’ll start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see the full report here.

The most interesting thing about the September Patch Tuesday is that the top 3 VM vendors ignored almost all RCEs in their reviews. However, there were interesting RCEs in the Office products. And what is most unforgivable is that they did not mention CVE-2021-38647 RCE in OMI – Open Management Infrastructure. Only ZDI wrote about this.

Continue reading

Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow)

6 Replies

Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow). In this post I will write some simple vulnerable web applications in python3 and will show how to attack them. This is all for educational purposes and for complete beginners. So please don’t be too hard on me. 😉

Vulnerability Examples

As a first step I will create a basic web-application using twisted python web server (you can learn more about it in “Making simple Nmap SPA web GUI with Apache, AngularJS and Python Twisted“).

Continue reading

Automating Opera browser with Selenium WebDriver and Python

3 Replies

Automating Opera browser with Selenium WebDriver and Python. The right way to automate a web application is, certainly, to understand how this application works, by using burp (see “Burp Suite Free Edition and NTLM authentication in ASP.net applications“) for example, retrieve all necessary requests and learn how to use them.

However, this is sometimes so difficult and confusing, especially when the site owners are actively fighting with automation attempts. In this case, you may want to automate somehow the work on the highest level, with the graphical elements of the site. You can view them as some pictures, as SikuliX does (“SikuliX: the last chance for automation“, or as some elements of code, as Selenium IDE does.

But it would much better to control the browser itself from the Python scripts. And this can be done with Selenium WebDriver.

Selenium WebDriver, Python and Opera browser

Guys from Guru99 have wrote me a letter about their free course about Selenium.

This course looks pretty good. In the first part you can find a detailed description of Selenium components and the project history. After reading this, I finally decided that the Selenium WebDriver suited me best. Examples of WebDriver usage are written in Java, and I wanted to use Python. But since the calls are the same, lessons of this course are still more than useful.

And despite the fact that Selenium is usually used with Firefox, I tried to use it with Chromium-based Opera. This browser is very popular in Russia because of some unique features. 😉

Continue reading