Alexander Andersson

Posts by Alexander Andersson:

Bypassing modern XSS mitigations with code-reuse attacks

Cross-site Scripting (XSS) has been around for almost two decades yet it is still one of the most common vulnerabilities on the web. Many second-line mechanisms have therefore evolved to mitigate the impact of the seemingly endless flow of new vulnerabilities. Quite often I meet the misconception that these second-line mechanisms can be relied upon […]

03 Apr 2020 in Cyber Security

From S3 bucket to Laravel unserialize RCE

Insecure deserialization is a common vulnerability (OWASP TOP10) that very often leads to arbitrary code execution. Today, I’m going to explain how to turn a seemingly harmless deserialization into code execution. This recently came in handy for me in a penetration test of a PHP/Laravel based application. Before we jump down the rabbit hole, I’ll […]

12 Feb 2020 in Cyber Security

Reverse shell through a node.js math parser

CVE-2020-6836 Recently, I performed a penetration test of a typical single-page application, exposing a static React web app and a REST API written in Node.js. This article details how I discovered and exploited a critical vulnerability (now known as CVE-2020-6836) that allowed unauthenticated arbitrary remote code execution. The API had an endpoint that was kind […]

17 Jan 2020 in Cyber Security