Threat: Backdoor.Win32.Chubo.c
Vulnerability: Cross Site Scripting (XSS)
Family: Chubo
Type: Web Panel
MD5: c16b04a9879896ef453a6deb13528087
Vuln ID: MVID-2022-0528
Disclosure: 03/26/2022
Description: The malware listens on TCP port 81 and 8080. There…
Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Denial of Service
Family: Cafeini
Type: PE32
MD5: b24c56abb4bde960c2d51d4e509d2c68
Vuln ID: MVID-2022-0525
Disclosure: 03/25/2022
Description: The malware listens on TCP port 51966 and is packed by a…
Threat: Backdoor.Win32.Cyn.20
Vulnerability: Insecure Permissions
Description: The malware writes a “.EXE” file with insecure permissions to
c drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
Just wanted to let you know I updated the blog post with some more details:
apparently, this technique could be abused to bypass WAFs such as OWASP
ModSecurity CRS (Paranoia Level 1) and Cloudflare, check it out!
/EgiX
On Wed, Mar 23, 2022 at 3:07 PM Egidio Romano <research () karmainsecurity com>
wrote:
When the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME,
there is a vulnerability in PHP that allows the filter to be bypassed. This vulnerability could be used to introduce
vulnerabilities into code that would otherwise be safe to use.
Due to the lack of response from the PHP security team, I have decided to make this vulnerability publicly available
instead. Especially…