Core Software vulnerabilities

Here are some vulnerabilities I found, along with (when available) CVE and write-up!

| Software | Affected versions | Vulnerability | CVE / ID | References |
|---|---|---|---|---|
| Linux | < 5.8.15 | Privilege Escalation | CVE-2020-27194 | Write Up, Exploit |
| libGD | <= 2.2.5 | PHP imagescale() remote wild free | | HackerOne report |
| libGD | <= 2.2.5 | PHP “Sandbox” escape | CVE-2019-6977 | Exploit |
| WordPress | <= 5.3.2 | “Sandbox” escape | | RIPS Blog |
| WordPress | <= 5.0.0 | Unprivileged RCE | CVE-2019-8943 | RIPS Blog |
| WordPress | <= 5.1.0 | CSRF to RCE | CVE-2019-9787 | RIPS Blog |
| WordPress | <= 5.0.0 | Post Priv Esc | CVE-2018-20152 | RIPS Blog |
| WordPress | | Priv Esc | CVE-2018-20714 | RIPS Blog |
| WordPress | | Unprivileged Stored XSS in certain plugins | CVE-2019-16773 | HackerOne report |
| MyBB | <= 1.8.2 | Unprivileged Stored XSS | CVE-2019-12830 | RIPS Blog |
| MyBB | <= 1.8.2 | Privileged RCE | CVE-2019-12831 | RIPS Blog |
| phpBB3 | <= 3.2.3 | Privileged RCE | CVE-2018-19274 | RIPS Blog |
| Pydio | <= 8.2.1 | Unauthenticated RCE | CVE-2018-20718 | RIPS Blog |
| Shopware | <= 5.4.3 | Privileged RCE | SW-21776 | |
| Magento | <= 2.3.1 | Unauthenticated Stored XSS in Admin Dashboard | CVE-2019-7877 | RIPS Blog |
| Magento | <= 2.3.0 | Privileged RCE | PRODSECBUG-2261 | RIPS Blog |
| Magento | <= 2.3.0 | Privileged RCE | PRODSECBUG-2256 | |
| Magento | <= 2.3.1 | Privileged RCE | CVE-2019-7932 | |
| Magento | <= 2.3.1 | Privileged RCE | CVE-2019-7885 | |
| Magento | <= 2.3.2 | Authenticated Stored XSS | CVE-2019-8152 | |
| Magento | <= 2.3.2 | escapeURL() bypass | CVE-2019-8153 | |
| Magento | <= 2.3.2 | Potential unauthenticated Stored XSS | CVE-2019-8233 | |

WordPress Plugin Advent Calendar

During my time at RIPS Tech I had the pleasure of setting up the so-called “WordPress Plugin Advent Calendar”. In Germany, as in a lot of countries, it is a tradition to give kids a treat every day from the first of December until Christmas Eve. At RIPS, we wanted to implement this tradition for the InfoSec people. Each day we released either a vulnerability in a plugin or a core WordPress bug. Many of the plugins featured had millions of active installations, and the bugs covered eCommerce, forums, caching, etc. Take a look here: RIPS Advent Calendar 2018.

I wrote the Calendar and found a big portion of the vulnerabilities. Credits go out to Dennis Brinkrolf and Karim Elouerghemmi, who were two amazing colleagues!