Review Board XSS Discovered

This post will be updated with more information soon. A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code through the application's Markdown editing, and the injected code remains persistent. Proof-of-Concept: By utilizing the built-in markdown editing, Continue Reading

CVE-2020-28408 & CVE-2020-28409 – Multiple Persistent XSS Discovered in Dundas BI Server

Content here will be expanded upon later; for now this serves as a quick description and write-up. Overview: Dundas BI server has two stable release versions available for download for customers: Version 7.0.2.1009 and Version 8.0.0.1001. Both product versions contain persistent cross-site scripting (XSS) vulnerabilities in the same location. Continue Reading

AD Hacking: Mimikatz Part I

Hello all, this is going to be a two-part series on Mimikatz and its powerful uses. First and foremost, if you haven’t set up an Active Directory lab environment yet, please do so by visiting this link: https://mattschmidt.net/2019/05/10/llmnr-poisoning-part-i-requirements-installing-operating-systems/ and following Part I and II of that series. Note: Continue Reading