Unvalidated Redirect HTML Viewer – Element Messenger

Element (formerly Riot and Vector) is an open source instant messaging application built on the Matrix protocol. Matrix is known for supporting end-to-end encryption, and the application is available for several platforms, including desktop, mobile and web. This post addresses only the mobile version, which contained the vulnerability at the time of writing. Firstly, the Android application in question is available at this link, with the code base for the application hosted here....

October 28, 2020 · 3 min

CVE-2020-26163 BigBlueButton | Host Header Injection

Back in April, one of the systems I was testing was a video conferencing application known as BigBlueButton, an open source challenger to Zoom. The BigBlueButton installation comes with a user-friendly front end, known as Greenlight, which ties in nicely with the BigBlueButton server. While most corporate installations use LDAP authentication, some rely on the standard username and password login mechanism, which is handled by Greenlight....

May 25, 2020 · 3 min

CVE-2020-12113 BigBlueButton | Closed Captions XSS

As part of a penetration testing project at Catalyst IT, I conducted a test on an open source video conferencing system known as BigBlueButton, an open source challenger to Zoom. BigBlueButton contains a closed captions module that allows a user to manually type captions, which all users with captions enabled then see at the bottom of the screen. While the ability to add captions is restricted to moderator-level permissions, the issue is aggravated by the breakout room functionality: when it is used, all users are granted moderator-level permissions, allowing any of them to write captions....

April 20, 2020 · 1 min

Easy Phish - HackTheBox

Easy Phish is an Open Source Intelligence (OSINT) challenge on hackthebox.eu, in which the challenge flag is obtained from publicly available information. This walk-through provides step-by-step instructions on how that flag can be obtained. Customers of secure-startup.com have been receiving some very convincing phishing emails, can you figure out why? From the challenge brief above, three main points can be identified: the scope of the target is the secure-startup.com domain and/or other related entities....

January 30, 2020 · 2 min