Socket.io-file <= 2.0.31 – File Type Restriction Bypass

Title: File Type Restriction Bypass in Socket.io-file NPM module
Date: 31/07/2020
CVE-ID: –
Advisory: –
Author: Thomas Sermpinis
Versions: <= 2.0.31
Package URL: https://www.npmjs.com/package/socket.io-file
Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0
Proof of Concept: –

During some of our pentests we face applications that are well secured, with few misconfigurations. That means we have to dig deeper, if the

[CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Title: Path Traversal in Socket.io-file NPM module
Date: 18/05/2020
CVE-ID: CVE-2020-15779
Advisory: https://www.npmjs.com/advisories/1519
Author: Thomas Sermpinis (a.k.a. Cr0wTom)
Website: https://cr0wsplace.com
Versions: <= 2.0.31
Package URL: https://www.npmjs.com/package/socket.io-file
Tested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0
Proof of Concept: https://www.exploit-db.com/exploits/48713

During one of my penetration tests for a local military equipment supplier, while working for Auxilium Cyber Security, I

How to secure your corporate VPN Infrastructure during the COVID-19 epidemic?

This post was originally posted to my LinkedIn profile here, in cooperation with Auxilium Cyber Security. COVID-19 still affects our everyday life, with companies being one of the weakest links in the chain. Employees are filled with uncertainty about their future, which seriously affects people's judgment and habits. In our last post, we discussed phishing and how

How to secure your corporate ICT during the COVID-19 epidemic?

This post was originally posted to my LinkedIn profile here, in cooperation with Auxilium Cyber Security. With novel coronavirus cases on the rise, people are filled with fear and uncertainty. This seriously impacts every aspect of our everyday life and, as a result, of our working life. Auxilium Cyber Security has long experience