Socket.io-file <= 2.0.31 – File Type Restriction Bypass

Title: File Type Restriction Bypass in Socket.io-file NPM moduleDate: 31/07/2020CVE-ID: –Advisory: –Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: – During some of our pentests, we face applications that are well secured with not so many misconfigurations. That means that we have to dig deeper, if theContinue reading “Socket.io-file <= 2.0.31 – File Type Restriction Bypass”

TROOPERS18 and a crazy journey!

Hello friend, Thinks are happening to my territory, and no time slots for this lonely blog. I see that many of you keep visiting though and I am really happy about it. I have many things to tell you. Many things happen in my life, and I want to continue to share with you myContinue reading “TROOPERS18 and a crazy journey!”

BlackHat Europe 2017 – The Wrap Up

“Hello, friend. Hello, friend? That’s lame. Maybe I should give you a name, but that’s a slippery slope. You’re only in my head. We have to remember that. Shit.” Hope you are all well. After a nice trip to London, and a great time at Blackhat Europe 2017, I feel the need to share my experienceContinue reading “BlackHat Europe 2017 – The Wrap Up”

My Road to TROOPERS Scholarship! – Part 1

Hello Everyone, It’s been a while since our last talk. You know, many things happening, a masters degree and a constant dream hunting. I think that the last time we talked, it was about my conclusion in the BlackHat Europe 2016 event, and my first vlog. Now, it is time for a new announcement, andContinue reading “My Road to TROOPERS Scholarship! – Part 1”