Skip to main content

Featured

Adobe Experience Manager - Create an OSGI Configuration

 In this article, let's create an OSGi configuration, configure it and use it in AEM code. So now let's get started with the creation of an OSGi configuration. Technical details and Assumptions: All the following details are tested in AEM version 6.5.8, Java version 11.0.2 Creation of OSGi configuration: To create an OSGi configuration we need to create an ObjectClassDefinition. I have included a sample OCD configuration, which can be used as a reference to create one. The next step would be to create an interface and an implementation that can help fetch the OSGi configurations.  Interface: Implementation: Let's try to use the OSGi configuration created so far in Models/Servlets. For demonstration purposes, I used AEM Models here, but the same can be implemented in Servlets too. Now that we have created the OSGi configuration. Once building the code, we should be able to see the OSGi configuration in the web console (http://localhost:4502/system/console/configMgr) C...
Post a Comment
Read more

First BufferOverFlow Exploit - SLmail

Seattle Lab Mail:

           It is certainly my first exploit, I wrote this exploit in coordination with the existing exploit written by an Author named muts as for his profile on exploit-db. I have no idea about his real name and that's not our concern here too.

Links:

          That existing is found on the link:  https://www.exploit-db.com/exploits/638/
          And my exploit is found on the link: https://github.com/stormworm29/SLMail_BufferOverFlow_Exploit

Output:

 Solution:

        This exploit was certainly interesting, just understanding it took me a while, being my first exploit.
        I made a simple walk through already on the above github link. This post is just the counter part How and Why I was able to exploit it and what was the preventive measures to be taken to prevent them.
       Here the main part exploited is the PASS field, if you had a little patience when passing through the last part of the final exploit file slmailexploit.py. All parts of the exploits are flooded into a single input field PASS. 
       What the real problem here is a simple input validation restricting the number of characters that can be given as input. Consider a simple C++ program if pass is a character array of length 20 taken a input then.
That's really simple isn't it.Just think a little bit more than a normal developer to built a better secure Application.

Happy Hacking :)
For clarifications you can leave your comments below, And further, if you find an interesting exploits leave it below let's solve them.

Comments

Post a Comment

Popular Posts