One Empty Header to Admin: How an Auth Bypass Breaks OpenBullet2

Published 1 week, 5 days ago
Description

This story was originally published on HackerNoon at: https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2.
Five vulnerabilities in OpenBullet2: an empty API key, path traversal, RCE, and an NTLM hash leak.
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #ethical-hacking, #rce, #exploit, #openbullet2, #what-is-openbullet2, #openbullet2-explained, #vulnerabilities, #cybersecurity-awareness, and more.

This story was written by: @vognik. Learn more about this writer by checking @vognik's about page, and for more stories, please visit hackernoon.com.

This article walks through 5 CVEs: an empty X-Api-Key header that bypasses authentication by default, arbitrary C# and script-file execution, a wordlist path traversal granting arbitrary file read/write/delete as root, and an NTLMv2 hash leak on Windows.
