Cross-Site Scripting in Lychee

Posted on 22 Oct 2022 in security • Tagged with security, XSS • 3 min read

Lychee is a self-hosted photo-management and gallery application. I am using Lychee for my personal use (mostly sharing pictures with the family).

The application has been greatly improved since the last update of my instance. I fired up a Docker container and started taking a look at the application for new features. It was not long before I found a few XSS issues, one of which could allow unauthenticated users to gain logged-in access to the platform by creating a new account.

I reported the issues to the project and we created a GitHub Security Advisory: https://github.com/LycheeOrg/Lychee-front/security/advisories/GHSA-cr79-38hg-27gv.


HTB: Late

Posted on 22 Aug 2022 in security • Tagged with security, boot2root, HTB, SSTI, SUID, OCR • 3 min read

This article is a writeup about a retired Hack The Box machine: Late, published on April 23, 2022 by kavigihan. This box is rated as an easy machine. It involves an OCR function, an SSTI and a SUID binary.


HTB: Timelapse

Posted on 22 Aug 2022 in security • Tagged with security, boot2root, HTB, SMB, LAPS • 6 min read

This article is a writeup about a retired Hack The Box machine: Timelapse, published in March 2022 by d4rkpayl0ad. This box is rated as an easy machine. It involves an SMB share, an encrypted zip archive, a certificate, a password in a shell history and LAPS.


HTB: Paper

Posted on 19 Jun 2022 in security • Tagged with security, boot2root, HTB, Wordpress, CVE-2019-17671 (wordpress), CVE-2021-3560 (polkit) • 5 min read

This article is a writeup about a retired Hack The Box machine: Paper, published on February 05, 2022 by secnigma. This box is rated as an easy machine. It involves a verbose header, a vulnerable WordPress, a Rocket.Chat bot and the PolKit exploit.


HTB: Meta

Posted on 12 Jun 2022 in security • Tagged with security, boot2root, HTB, subdomain, exiftool, ImageMagick, neofetch • 4 min read

This is a writeup about a retired Hack The Box machine: Meta, published on January 22, 2022 by Nauten. This box is rated as a medium machine. It involves subdomain enumeration, a vulnerability in exiftool, another one in ImageMagick and an overly permissive sudo command.


Forgot username?

Posted on 11 Jun 2022 in security • Tagged with security, osint, phone number • 4 min read

While browsing the Internet, I found a strange functionality: "forgot username?". Everyone knows about the "forgot password" one, which often involves entering the user's email address and getting a link to reset one's password. So what is that "forgot username?" thing?


HTB: Pandora

Posted on 25 May 2022 in security • Tagged with security, boot2root, HTB, suid, snmp, pandora • 5 min read

This is a writeup about a retired Hack The Box machine: Pandora, published on January 8, 2022 by TheCyberGeek and dmw0ng. This box is rated as an easy machine. It involves a UDP service, a locally exposed vulnerable application and an SUID binary.


HTB: Backdoor

Posted on 25 Apr 2022 in security • Tagged with security, boot2root, HTB, wordpress, lfi, gdbserver, screen • 2 min read

This is a writeup about a retired Hack The Box machine: Backdoor, published on November 20, 2021 by hkabubaker17. This box is rated as an easy machine. It involves a WordPress plugin, an LFI, a gdbserver and a screen process.


HTB: Secret

Posted on 28 Mar 2022 in security • Tagged with security, boot2root, HTB, jwt, core dump • 3 min read

This is a writeup about a retired Hack The Box machine: Secret, published on October 30, 2021 by z9fr. This box is rated as an easy machine. It involves a JWT token and its secret, as well as a program core dump.


HTB: Driver

Posted on 27 Feb 2022 in security • Tagged with security, boot2root, HTB, SCF file attack, print nightmare • 3 min read

This article is a writeup about a retired Hack The Box machine: Driver, published on October 2, 2021 by MrR3boot. This box is rated as an easy box. The user part involves a "standard" password, an SCF file and Responder. The root part is nudged by a few hints (box logo, printer on the foothold website) and involves the use of CVE-2021-1675 and CVE-2021-34527, also known as PrintNightmare.

