Vulnerabilities (Page 37)

Injection of sed Commands Leading to Remote Code Execution in pfSense

Abusing an otherwise secure call to shell_execallows users to control part of the sed commands leading to code execution.One thing of note is that this is the FreeBSD version of sed which differs from the more common GNU version in that it doesn’t include the commands to directly execute commands…

 

Finding an Authorization Bypass on my Own Website

Permissive parsing strikes again, MySQLjs by would accept objects as values for a parameterized query with a somewhat surprising default behaviour. The key issue here though is that MySQLjs exposes an interface entirely like prepared statements, but is actually crafting the query on the client side rather than using server-side prepared statements.