Vulnerabilities (Page 26)

Got Follows Redirects to Unix Sockets

The title says pretty much all that you need to know: the got HTTP request library for Node will follow redirects to a Unix socket. So an attacker who can trigger a request (SSRF) to a server they control could redirect that request back towards a Unix socket on the local machine…
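A defender-side check for the redirect behaviour described above, as an added example that is not code from got or from the original post: it classifies a redirect target as a Unix-socket URL in either spelling got accepts and resolves a Location header against a host allowlist. The `beforeRedirect` hook shape is assumed from got's hooks option, and all hostnames and socket paths are constructed.

```javascript
// Added example: refuse to follow a redirect onto a local Unix socket.
// Got accepts two spellings for Unix-socket URLs, both covered here:
//   unix:/run/docker.sock:/containers/json
//   http://unix:/run/docker.sock:/containers/json
function isUnixSocketTarget(target) {
  let url;
  try {
    url = target instanceof URL ? target : new URL(target);
  } catch {
    return true; // unparseable target: fail closed, treat as unsafe
  }
  if (url.protocol === 'unix:') return true;
  // "http://unix:/path" parses with hostname "unix" and an empty port
  return url.hostname === 'unix';
}

// Resolve a Location header the way a client would (relative or absolute)
// and return the URL to follow, or null when it must not be followed.
function safeRedirectTarget(currentUrl, location, allowedHosts) {
  let next;
  try {
    next = new URL(location, currentUrl);
  } catch {
    return null;
  }
  if (isUnixSocketTarget(next)) return null;
  if (!['http:', 'https:'].includes(next.protocol)) return null;
  if (!allowedHosts.has(next.hostname)) return null; // constructed allowlist
  return next.href;
}

// Hook shaped for got's `hooks.beforeRedirect` (assumed signature:
// (options, response), with options.url already set to the redirect target).
function makeRedirectGuard(allowedHosts) {
  return (options) => {
    if (safeRedirectTarget(options.url, options.url.href, allowedHosts) === null) {
      throw new Error(`refusing redirect to ${options.url.href}`);
    }
  };
}
```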


Iconics Support for `gdfx` Files Results in Command Injection

This seemed to mostly be an exercise in attack surface discovery: scanning the files used by Iconics, they found support for gdfx files with embedded JavaScript, including the ability to load an ActiveX object and execute shell commands on the local machine. Despite being an apparently surface-level issue, it survived until Pwn2Own and through multiple other contestants (the author was 5th of 7 against the application) to net them a $20,000 bounty.