Skip to content

research.securitum.com

securitum.com vulnerabilities researches and cyber security education publications

  • Penetration Testing
  • Research blog
  • About us
  • Contact us

Tag: kibana

Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)

MichaƂ Bentkowski | October 30, 2019October 30, 2019 | Research

Prototype pollution is a vulnerability that is specific to programming languages with prototype-based inheritance (the most common one being JavaScript). While the bug is well-known for some time now, it lacks practical examples of exploitation. In this post, I’m showing how to exploit it to achieve Remote Code Execution in Kibana.

Read more

Find us on Linkedin!

Research updates?

We keep your data private and use it only for research updates newsletter. We also hate spam! Read our Privacy Policy.

Check your inbox or spam folder to confirm your subscription.

Categories

  • Education 44
  • Research 35
  • Uncategorized 1

Tags

Active Directory · Analysis · Apache · Browser security · Bug Bounty · Bypass · CA · Camera · CCTV · Cryptography · CSS · Desktop · dompurify · Google · Hack · hacking · HTTP · HTTP/2 · IoT · javascript · js · json web token · jwt · kibana · Linux · Malware · Mozilla Firefox · mxss · NMAP · OSINT · pebble · prototype pollution · RCE · Reconnaissance · SSL · ssti · Takeover · template injection · Upload · Vulnerability · Web Hacking · WiFi · windows · Wordpress · XSS

Archives

  • 2023 2
  • 2022 9
  • 2021 3
  • 2020 10
  • 2019 8
  • 2018 10
  • 2017 18
  • 2016 8
  • 2015 5

Follow us on:

  • LinkedIn
  • Facebook
  • Twitter
  • GitHub

Pages

  • Research Home Page
  • Penetration Testing
  • Privacy Policy
  • About us
  • Contact us

Recent Posts

  • XSS in WordPress via open embed auto discovery May 29, 2023
  • How to access data secured with BitLocker? Do a system update January 12, 2023
  • Amazon once again lost control (for 3 hours) over the IP pool in a BGP Hijacking attack October 28, 2022
  • SOCMINT – or rather OSINT of social media October 15, 2022
  • PyScript – or rather Python in your browser + what can be done with it? September 10, 2022
©2023 research.securitum.com