Overview Discoverer: Connor NeffVendor & Product: DotNetNukeVersion: 9.5CVE Number: CVE-2020-11585 Introduction There is an information disclosure issue in DotNetNuke CMS (DNN) v.9.5 within the built in Message Center Module. A registered user is able to enumerate any file in the Admin File Manager that is not contained in a secure folder by sending themselves a … Continue reading DotNetNuke 9.5 File Path Information Disclosure (CVE-2020-11585 ) →

Introduction Welcome to the Part Two of my BGP hijack series! Previously, I’ve set up my demo network by creating three routers, a user, and FTP server using docker. For more information on setting up the demo, please visit my first post. Scenario Review The scenario I’ve created consisted of a malicious attacker that has … Continue reading BGP Hijacking: Demo →

Introduction Recently, I became interested in BGP hijacking attacks. The inspiration for the topic came from Hack the Box machine named Carrier. In the machine, I had to carry out a BGP hijacking attack to steal credentials and obtain root. I wanted to set up my own replica of the machine to better understand routing … Continue reading BGP Hijacking: Demo Setup →