Security Report Archives | Cloud SECaaS platform AIONCLOUD

[March 2024 Vulnerability Report] BlueShell Malware Vulnerability

1. Overview: BlueShell is backdoor malware developed in the Go language. A simple form of backdoor, it supports TLS encryption for communication with C&C servers to bypass network detection, and it executes attacker commands (remote command execution, file download/upload, Socks5 proxy). Source: GitHub https://github.com/restran/BlueShell 2. Attack Process: BlueShell has three configuration […]

[February 2024 Vulnerability Report] Ivanti Connect Secure & Policy Secure Vulnerability

Ivanti Connect Secure and Policy Secure Multiple Vulnerabilities. 1. Overview: Ivanti’s Connect Secure and Policy Secure are SSL VPN solutions and IPS solutions, and we have analyzed CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 that were recently discovered in these platforms. 2. Attack Types: In January 2024, Ivanti released patches for vulnerabilities found in its Connect Secure […]

Server Side Template Injection

Overview: A Server Side Template Injection (SSTI) vulnerability occurs when templates are structured on the server side and user input values are inserted into existing templates. Attackers exploit template syntax to insert malicious payloads, enabling them to perform actions of their choosing. Attack Process: SSTI vulnerabilities vary across servers and templates, […]

HTTP/2 Rapid Reset attack

Overview: HTTP/2 utilizes the “Stream multiplexing” feature, unlike HTTP/1.1, allowing multiple streams to be opened and closed within a single TCP connection. We have compiled an analysis of CVE-2023-44487, a denial of service (DoS) vulnerability recently discovered in this protocol. Attack Type: CVE-2023-44487 targets all web services supporting the HTTP/2 protocol, primarily […]

Major Vulnerabilities in 2023

Major Vulnerabilities and Signature Pattern Response in 2023. Overview: MONITORAPP’s web firewall prevents and blocks attacks on web applications by integrating various security technologies. These technologies identify major vulnerabilities and provide effective responses to maintain the integrity and availability of web applications. To enhance the security of web applications, regularly updated signature patterns quickly […]

Adobe ColdFusion Vulnerability Report

2023.11 – Adobe ColdFusion Multiple Vulnerabilities. 1. Overview: Adobe ColdFusion is a web application development platform provided by Adobe. This summary compiles the analysis of recently discovered remote code execution (RCE) vulnerabilities on this platform, namely CVE-2023-26360, CVE-2023-26361, CVE-2023-29298, and CVE-2023-38205. 2. Attack Types: Adobe announced patches for […]

ProxyShell Vulnerability Report

2023.10 – MS Exchange Server ProxyShell. 1. Overview: The ProxyShell vulnerability comprises SSRF (Server Side Request Forgery) and RCE (Remote Code Execution) vulnerabilities that can occur in MS Exchange Server, consisting of multiple CVEs. 2. Attack Process: This is an analysis of how three CVEs related to the ProxyShell vulnerability are interconnected and used. […]

WordPress xmlrpc vulnerability report

1. Overview: The xmlrpc.php file in WordPress is the feature that lets WordPress transfer data, with HTTP as the transport mechanism and XML as the encoding mechanism. It is a file created to handle the task of communicating with other systems (other blogs or apps), and through that xmlrpc.php file, you can run pingback […]

Vulnerability Analysis Report (2023.07)

2023.07 – ProxyNotShell. 1. Overview: ProxyNotShell is a Remote Code Execution (RCE) vulnerability in MS Exchange Server that consists of multiple CVEs, and we have summarized the results of our analysis for each CVE. 2. Attack Process: This section analyzes how the three CVEs corresponding to the ProxyNotShell vulnerability are used in conjunction with each […]
