Bank hacking program
4/10/2023

Hacking a bank is one of those things that you have to cross off your bucket list as a credible hacker. To the outside world, banks are supposed to have impenetrable security, or at least that is how they usually market themselves. Closer to reality, and more in line with the can-do attitude of hackers, banks are just as vulnerable as other organisations and industries.

A few months ago, a friend of mine, Hussein, came to me with an interesting piece of software that a large bank was using, called dotCMS. This bank was running a bug bounty program. He knew that whitebox source code auditing was my jam and asked if I could take a closer look with the aim of compromising this bank. Through source code analysis, it was possible to find an arbitrary file upload vulnerability, which allowed us to write to any directory on the local system. While we were unable to find a web-accessible directory in which to upload a web shell in the limited time we had, we were able to replace the contents of arbitrary JavaScript files already existing on the system.

dotCMS is a Java application which makes use of javax.ws.rs (JAX-RS) in order to declare API routes in the application. As it uses javax.ws.rs, it is possible to get a good understanding of some of the attack surface by searching the code base for those route declarations; this is similar to Spring applications. This blog post walks through the discovery process of this vulnerability and the exploitation process on this large bank.
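The route-enumeration step described above, as an added example that is not code from the original post or from dotCMS: a small Python scanner that walks Java source for JAX-RS route declarations and prints the resulting HTTP verb and full path for every handler. It assumes only the standard javax.ws.rs conventions (a class-level @Path supplies the prefix, each handler carries an HTTP-verb annotation such as @GET or @POST and may add its own @Path); the two Java files embedded in it are constructed samples, and FileResource, HealthResource and the paths they declare are hypothetical.

```python
"""Enumerate JAX-RS routes in Java source to map an application's HTTP attack surface.

Added example; not code from the original post or from dotCMS. It assumes the
standard JAX-RS (javax.ws.rs) conventions: a class-level @Path supplies the
prefix, each handler carries an HTTP-verb annotation (@GET, @POST, ...) and may
add its own @Path. The Java sources in SAMPLE_SOURCES are constructed samples.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

HTTP_VERBS = ("GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS")

# Class-level @Path followed (without crossing a '{' or ';') by the class keyword.
CLASS_PATH_RE = re.compile(r'@Path\(\s*"([^"]*)"\s*\)[^;{]*?\bclass\s+(\w+)')
CLASS_NAME_RE = re.compile(r'\bclass\s+(\w+)')
# A run of annotations immediately followed by a method signature. The verb and
# any method-level @Path are pulled out of the captured annotation block.
METHOD_RE = re.compile(
    r'((?:@\w+(?:\([^)]*\))?\s*)+)'      # one or more annotations
    r'(?:public|protected|private)?\s*'   # optional visibility
    r'[\w<>\[\], ]+\s+(\w+)\s*\('         # return type, method name, '('
)
PATH_RE = re.compile(r'@Path\(\s*"([^"]*)"\s*\)')

# Constructed sample sources (hypothetical resource classes, not dotCMS code).
SAMPLE_SOURCES: Dict[str, str] = {
    "FileResource.java": '''
package com.example.api;
import javax.ws.rs.*;

@Path("/v1/files")
public class FileResource {
    @GET
    @Path("/{id}")
    public String get(@PathParam("id") String id) { return id; }

    @POST
    @Path("/upload")
    public String upload(String body) { return "ok"; }

    @DELETE
    public String purge() { return "gone"; }
}
''',
    "HealthResource.java": '''
package com.example.api;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

@Path("health")
public class HealthResource {
    @GET
    public String ping() { return "pong"; }
}
''',
}


@dataclass(frozen=True)
class Route:
    verb: str
    path: str
    java_class: str
    java_method: str


def join_paths(*parts: Optional[str]) -> str:
    """Join path segments JAX-RS style, tolerating missing or unslashed pieces."""
    segments = [s for p in parts if p for s in p.strip("/").split("/") if s]
    return "/" + "/".join(segments)


def extract_routes(source: str) -> List[Route]:
    """Return every (verb, full path) handler a single Java file exposes."""
    class_match = CLASS_PATH_RE.search(source)
    if class_match:
        prefix, class_name = class_match.groups()
    else:  # no class-level @Path: routes sit at the root, if the class is registered at all
        prefix = ""
        name_match = CLASS_NAME_RE.search(source)
        class_name = name_match.group(1) if name_match else "<anonymous>"
    routes: List[Route] = []
    for annotations, method_name in METHOD_RE.findall(source):
        verbs = [v for v in HTTP_VERBS if re.search(rf"@{v}\b", annotations)]
        if not verbs:  # not a handler (sub-resource locator, helper, constructor)
            continue
        sub = PATH_RE.search(annotations)
        full = join_paths(prefix, sub.group(1) if sub else None)
        routes.extend(Route(v, full, class_name, method_name) for v in verbs)
    return routes


def scan_sources(sources: Dict[str, str]) -> List[Route]:
    """Scan a {filename: source} mapping; result order follows the mapping."""
    routes: List[Route] = []
    for _name, src in sources.items():
        routes.extend(extract_routes(src))
    return routes


def scan_directory(root: str) -> List[Route]:
    """Walk a real source tree (for example an unpacked release) for .java files."""
    found: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for f in sorted(files):
            if f.endswith(".java"):
                path = os.path.join(dirpath, f)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found[path] = fh.read()
    return scan_sources(found)


if __name__ == "__main__":
    for r in scan_sources(SAMPLE_SOURCES):
        print(f"{r.verb:7} {r.path:25} {r.java_class}.{r.java_method}")
```

Run it against a real tree with scan_directory("path/to/src") to get a first pass list of endpoints to review; handlers that accept a request body (here the POST upload route) are the natural place to start looking for file-handling flaws like the one described above. The regexes are deliberately simple and will miss routes whose paths are built from constants or declared via annotation inheritance, so treat the output as a starting list rather than a complete inventory.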