eSec Security Team

HTML INJECTION IN EMAIL

WHAT IS HTML INJECTION?

HTML injection is a type of injection issue that occurs when a user controls an input point and can inject arbitrary HTML code into a vulnerable web page. It can be used to deface a web page or redirect the user to a malicious website. It can also be chained with other vulnerabilities to increase its impact.

eSec Security Team

Responsible Vulnerability Disclosure CVE-2020-2782: Formula Injection Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (Affected Versions 8.56, 8.57 and 8.58)

INTRODUCTION

PeopleSoft is an e-business software product line owned by Oracle®. Oracle PeopleSoft originally offered human resources and finance applications. Over the years, it has added tools and applications for general business processes, such as materials management, and applications for specific industries, such as the automotive, communications, and higher-education fields. PeopleSoft provides users with an integrated ERP software package that assists in the day-to-day execution of various business operations. PeopleSoft applications are used by human resource departments in large corporations. These applications include human resource management systems (HRMS), customer relationship management (CRM), financials and supply chain management (FSCM), and enterprise performance management (EPM).

eSec Security Team

Responsible Vulnerability Disclosure CVE-2019-15510: ManageEngine DesktopCentral v 10 – Vulnerable to HTML Injection

INTRODUCTION

ManageEngine DesktopCentral is a Unified Endpoint Management (UEM) solution that helps manage servers, desktops, virtual machines, mobile phones, and tablets. Its features include Patch Management, Software Deployment, Remote Desktop Sharing, IT Asset Management, Desktop Configurations, Service Pack Installation, Active Directory Reports, User Administration, Mobile Device Management and many more.

eSec Security Team

Responsible Vulnerability Disclosure CVE-2019-13285: CoSoSys Endpoint Protector DLP 5.1.0.2 allows Host Header Injection

INTRODUCTION

CoSoSys is a leading developer of endpoint centric Data Loss Prevention (DLP) solutions and security software. Its flagship product, Endpoint Protector, is an advanced all-in-one DLP solution for Windows, macOS, and Linux computers. The solution puts an end to unintentional data leaks, protects from malicious data theft, offers seamless control of portable storage devices, and helps to reach compliance with data protection regulations such as GDPR, HIPAA, CCPA, or PCI DSS. It provides a short learning curve and flexible modules that can be mixed and matched to a customer’s needs. The solution has functionalities such as Device Control, Content and Context Aware Protection, eDiscovery, and Enforced Encryption.

eSec Security Team

Responsible Vulnerability Disclosure CVE-2019-12864: Vulnerable to Information Leakage Because of Improper Error Handling in Stack Traces in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)

INTRODUCTION

SolarWinds® Network Performance Monitor (NPM) is a powerful and affordable network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. Network Performance Monitor is multi-vendor network monitoring software that scales and expands with the needs of your network. Key features include multi-vendor network monitoring, Network Insights for deeper visibility, intelligent maps, NetPath and PerfStack for easy troubleshooting, smarter scalability for large environments, and advanced alerting.

eSec Security Team

Cross-Origin Resource Sharing (CORS) Exploit/ How to exploit CORS

CORS INTRODUCTION

CORS (Cross-Origin Resource Sharing) provides a mechanism to share resources with domains outside the original domain, purposefully but in a controlled manner. If the CORS policy is not strongly implemented or enforced, it may lead to cross-domain attacks such as leaking sensitive information (credentials, API keys, etc.) to an outside domain.

eSec Security Team

Responsible Vulnerability Disclosure CVE-2019-12954: SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12-3, NetPath 1-1-3) Vulnerable to Stored XSS

Network Performance Monitor – Introduction

Network Performance Monitor is a powerful network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM uses to identify network elements. During Discovery, NPM scans the network for nodes, and when a node and associated elements are found, you can add them to the SolarWinds database for monitoring.

eSec Security Team

Responsible Vulnerability Disclosure CVE-2019-12863: Stored HTML Injection vulnerability in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4)

INTRODUCTION

SolarWinds® Network Performance Monitor (NPM) is a powerful and affordable network monitoring software that enables you to quickly detect, diagnose, and resolve network performance problems and outages. NPM is multi-vendor network monitoring software that scales and expands with the needs of your network. Key features include multi-vendor network monitoring, Network Insights for deeper visibility, intelligent maps, NetPath and PerfStack for easy troubleshooting, smarter scalability for large environments, and advanced alerting.

SSL Pinning
eSec Security Team

SSL Pinning Bypass via Frida

INTRODUCTION

SSL pinning makes the application trust only a valid, pre-defined certificate or public key. Application developers use SSL pinning as an additional security layer for application traffic. Normally, an application trusts custom certificates, which allows the traffic to be intercepted. With SSL pinning implemented, the application does not trust custom certificates and does not allow proxy tools to intercept the traffic.