AppCheck Security Blog

Attacking the Supply Chain: Dependency Confusion

Modern web applications are typically built using a combination of in-house custom code and third-party libraries. The in-house code leverages functionality from typically open-source libraries that provide convenient access in the chosen development language to common functions (such as email sending or data structure access). These libraries will typically be deployed to the webserver serving the web application along with the in-house code... [read more]

read more

Attacking the Supply Chain: Dependency Confusion

Modern web applications are typically built using a combination of in-house custom code and third-party libraries. The in-house code leverages functionality from typically open-source libraries that provide convenient access in the chosen development language to common functions (such as email sending or data structure access). These libraries will typically be deployed to the webserver serving the web application along with the in-house code... [read more]

Read more

“RCE” Primer: Remote Code Execution

Remote code execution (RCE) is the term used to describe the execution of arbitrary code on a system where the attacker does not have direct access to the console. Any vulnerability that allows an attacker to execute code or commands on remote system where this was not intended can be said to result in RCE.

Read more

Advisory: CVE-2020-29045 - Unauthenticated RCE via Arbitrary Object Deserialisation in Five Star Restaurant Menu - WordPress Ordering Plugin

It is possible to gain Unauthenticated Remote Code Execution (RCE) on any WordPress instance that is using this plugin, due to the unsafe use of unserialize for the parsing of unsanitised user input, via the cookie fdm_cart used within includes/class-cart-manager.php

Read more

Information Disclosure Vulnerabilities: Mimes, Gits & Leaky Proxies

Information disclosure occurs when out-of-scope data – such as information relating to the service operation, or its operators – is returned to clients in-band through the defined data response channel (e.g HTTP responses). Typically exploiting these vulnerabilities doesn’t require an attacker to do anything other than make passive requests (those not containing a malicious payloads) or to attempt to bypass access controls – often there is therefore no “attack signature” that can be detected in logs or blocked by Web Application Firewalls, and companies may find it impossible to prosecute an attacker or prove that they performed an action that was in any way criminal.

Read more

Advisory: CVE-2020-29047 - Unauthenticated RCE via Arbitrary Object Deserialisation in WordPress Hotel Booking Plugin

CVE: CVE-2020-29047
Severity: HIGH
Vulnerability Type: CWE-502: Deserialization of Untrusted Data
Requires Authentication: No

Read more

URL Parsing and Path Traversal

This article focusses on URL parsing and the security issues surrounding it, taking a look at path traversal and how this can be employed by an attacker to cause the system to read or write files outside of the intended path scope.

Read more

Beyond the OWASP Top 10 – “Chicken Bits”, Pollution & Greedy Matches

In this article we go boldly beyond the OWASP Top 10 to review a few critical, interesting or just plain bizarre vulnerabilities not included in OWASP Top 10 and see how they could impact you.

Read more

Template Injection: JsRender/JsViews

In this blog post we will explore Template Injection attacks against the JsReder/JsViews library.

Read more

External Entity Injection (XXE)

An XML (Extensible Markup Language) External Entity or XXE attack occurs when an attacker is able to exploit the application's processing of XML data by injecting malicious entities.

Read more

Introduction to... Deserialisation Vulnerabilities

Deserialisation vulnerabilities were introduced to the OWASP Top 10 in 2017, nudging out Cross-Site Request Forgery (CSRF), based on the increasing prevalence and impact of deserialisation attacks reported in an industry survey. But what are deserialisation vulnerabilities, how do they occur, why did the threat from them suddenly increase in recent years, and what can be done to protect your organisation from this vulnerability?

Read more