Skip to main content

About

Nimit Jain - Graduated from IIT Kanpur, having an experience working with many high profile organizations and companies in Banking, Financial, Telecommunication and Health-Care Sectors. Well versed in conducting VAPT both automated and manually in Web, Network, Thick-clients and Web services. 

This blog is intended for everyone who is working in the domain of cyber security and mainly to help people who are starting up their career in Security. Hope it helps someone out there. I try to write as brief as possible so incase if you have any query and want to give any feedback feel free to comment or write me back at learnsecurity@pm.me or learnsecurity@protonmail.com

Disclaimer: All the content posted by author on this blog is for educational purpose only. Don't use it to violate any copyrights or illegal purposes.

Popular posts from this blog

Exploit for CVE-2019-12744 Remote Command Execution (RCE) through Unvalidated File Upload

As of late, I have discovered a genuine vulnerability RCE (Remote Command Execution) in one of the open-source software to be specific “SeedDMS”. Through this vulnerability, an attacker can upload a backdoor/web shell and execute commands on the server.  Because of the security concerns and impediments, I wouldn't be uploading any snippets or screenshots here but would try to explain it as brief as could be expected under the circumstances.  How about we get into the Exploit part as follows: Sign in to the application and inside any folder upload a PHP web shell file (there is no restriction or validation on the uploaded file). Presently in URL, you can observe a document id corresponding to the file uploaded (This ID is actually the folder name, I will jump on to this towards the end of the blog as to how I learned about the same)  Now go to the following URL "example.com/data/1048576/DOCUMENT_ID/1.php"   That is it!!!... Right it might sound very st...
Post a Comment
Read more

Exploit for CVE-2019-12745 - Stored XSS (Cross-Site Scripting)

In a series of my findings in SeedDMS Software. A quick update, SeedDMS is a opensource software in which I have found Vulnerabilities like RCE and XSS . This article is focused on the XSS finding, I had found in the latest version of SeedDMS. Lets get into the Exploitation part to see how it can be reproduced. Login to the application and go to My account and edit user details. Change the name by adding <script>alert("name")</script> as shown in below image. Now browse to user management option in Admin-tools and click on choose user to execute the previously inserted javascript code. A key takeway from this finding is that while pentesting try injecting JS payloads very specific for example here I have used "name" rather than traditional "1" inside the alert box. Why? You might ask. Reason is simple you might not know when where sanitisation and validation is not in place, and your injected payload might get executed somewhe...
Post a Comment
Read more

Exploit for CVE-2019-12932 - Stored XSS (Cross-Site Scripting)

Summary:  Recently I got 4 CVEs for reporting security issues in an opensource software namely SeedDMS. This particular post talks about the Exploit for CVE-2019-12932 which was present in SeedDMS 5.1.11 and has been patched and 5.1.12 has been released to fix the same. Exploit: Login to the application as a user and make a new folder, with your payload in name parameter as shown. Now save it as shown. Now search for the folder name to execute the XSS. I try to keep my posts as precise and to the point so incase you face any issue replicating the same, feel free to comment.
Post a Comment
Read more