Jul 10, 2017, 8:45 PM
Telerik's ASP.NET AsyncUploader (RadAsyncUpload) is vulnerable to arbitrary file uploads. By abusing a default hard-coded key (which can be changed, but often is not), a malicious actor can decrypt a server-side encrypted parameter and change the file upload location to any path writable by the web server user. This was verified to work through version 2017.2.503 (released May 3rd, 2017).
Mar 23, 2017, 5:48 PM
A common finding in penetration tests is that clients are not properly managing egress packet filtering from their network to the internet. This post specifically talks about the dangers of allowing egress of SMB communications over port 445 to the internet, and one simple method of exploiting it to capture a user's credentials, crack them, and gain access to the network.