Google CTF Quals 2019: GLotto Writeup

Introduction

The Google CTF 2019 Quals happened this weekend and a friend told me about the GLotto web challenge, which seemed really fun. Can you imagine this? A fun web challenge! I had a go at it and here's my writeup. The idea is to push an ORDER BY SQL …


CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Introduction

From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (apache2ctl graceful). In …
