rskvp93 - Blog of Viettel Cyber Security

Deep understand ASPX file handling and some related attack vectors

Basic conceptsEach IIS server may be include many websites, each website has Site ID, Physical webroot path, bindings and Root application (and more another applications under child directory): Example website1For example, website1 have: Site ID = 2, Physical Path = C:\website1, Bindings = http:*:81:, two applications (Root application at C:\website1

Pwn2Own 2021 Microsoft Exchange Exploit Chain

VULNERABILITY TITLE Microsoft Exchange Unauthenticated SSRF in Autodiscover frontend service combined with Authentication Bypass in Powershell Backend service and Arbitrary File Write in OAB backend service lead to Remote Code Execution VULNERABILITY SUMMARY The chains of 3 vulnerablity allows remote attackers to write a webshell and execute arbitrary code on

Researches

The journey of exploiting a Sharepoint vulnerability.

Today I will writeup two vulnerabilities: Microsoft Sharepoint: MS13–067Microsoft Exchange: MS13–105Before reading, I think you need to know some concepts: Microsoft Exchange, Microsoft Sharepoint, ASP.NET Web Forms, VIEWSTATE. Microsoft Exchange is the webmail server of MicrosoftMicrosoft Sharepoint is a web-based, collaborative platform for creating portal, managing document,