Amarelo Designs (resolution)
This solution refers to which of the apps?
A8 - Amarelo Designs
What did you do to mitigate the vulnerability?
The app had a security flaw that allowed an attacker to execute code remotely through a serialization vulnerability. The pickle module in Python is widely used to serialize and deserialize Python objects. However, its suitability depends on the context in which it is being used. In this case, JWT (JSON Web Token) was used, because pickle's functionality allowed the attacker to access the machine through a reverse shell obtained via the serialization vulnerability: pickle is capable of serializing Python objects that may contain malicious code. When using JWT for serialization and deserialization, you get the additional security benefits of authentication and signature verification, which are recommended in this app to prevent remote execution of malicious code.
The images below show the successful hacking attempt on the machine.
After the changes, it is no longer possible to access the machine as root.
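The signed-token handling described above, as an added example that is not taken from this write-up or from the app's code. It builds the HS256 JWT compact form with the standard library as a stand-in for a JWT library; `issue_session`, `read_session`, `SECRET` and the `username` claim are hypothetical names.

```python
import base64
import hashlib
import hmac
import json

# Assumption: constructed demo key; a real app loads its key from configuration.
SECRET = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_session(claims: dict, key: bytes = SECRET) -> str:
    """Serialize claims as JSON and sign them (JWT compact form, HS256)."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    signature = b64e(sign(f"{header}.{body}", key))
    return f"{header}.{body}.{signature}"

def read_session(token: str, key: bytes = SECRET):
    """Return the claims dict, or None when the cookie is malformed or unsigned."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None  # refuse "none" or any algorithm we did not issue
        # Verify before parsing the body; compare in constant time.
        if not hmac.compare_digest(sign(f"{header}.{body}", key), b64d(sig)):
            return None
        claims = json.loads(b64d(body))  # JSON yields data only, never code
        return claims if isinstance(claims, dict) else None
    except (ValueError, TypeError, AttributeError):
        return None

if __name__ == "__main__":
    cookie = issue_session({"username": "guest"})  # constructed sample claim
    print(read_session(cookie))
    # Swap the body but keep the old signature: verification rejects it.
    head, _, old_sig = cookie.split(".")
    new_body = b64e(json.dumps({"username": "admin"}).encode())
    print(read_session(f"{head}.{new_body}.{old_sig}"))
```

A cookie in the old pickle format has no valid three-part signed structure, so `read_session` returns `None` for it without ever deserializing the bytes.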