Hacking a bank is one of those things that you have to cross off your bucket list as a credible hacker. To the outside world, banks are supposed to have impenetrable security, or at least that’s how they usually market themselves. Closer to reality and more in line with the can-do attitude of hackers, banks are just as vulnerable as other organisations and industries.

A few months ago, a friend of mine Hussein came to me with an interesting piece of software that a large bank was using called dotCMS. This bank was running a bug bounty program. He knew that whitebox source code auditing was my jam and asked if I could take a closer look with the aim of compromising this bank.

Through source code analysis, it was possible to find an arbitrary file upload vulnerability, which allowed us to write to any directory on the local system. While we were unable to find a web accessible directory to upload a web shell in the limited time we had, we were able to replace the contents of arbitrary JavaScript files already existing on the system. This blog post walks through the discovery process of this vulnerability and exploitation process on this large bank.

dotCMS is a Java application which makes use of .rs in order to declare API routes in the application. As it uses .rs, it is possible to get a good understanding of some of the attack surface by searching for in the code base - this is similar to Spring applications. There is a lot of attack surface in dotCMS; however, we are going to focus on the APIs that were declared using .rs.
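The route search described above can be turned into an inventory for code review, with upload handlers flagged for a first look. This is an added example, not code from the original post or from dotCMS: it assumes the routes are declared with the JAX-RS `@Path`, HTTP-verb and `@Consumes` annotations, and the `WidgetResource` sample and the `inventory` and `join_path` helpers are constructed for illustration.

```python
import re

VERBS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}
# One annotation per line, optional single string argument (assumed layout).
ANNOTATION = re.compile(r'^@(\w+)(?:\(\s*"([^"]*)"\s*\))?')
CLASS_DECL = re.compile(r'\bclass\s+(\w+)')
METHOD_DECL = re.compile(r'(\w+)\s*\(')

# Constructed sample resource, not taken from dotCMS.
SAMPLE = '''
@Path("/v1/widgets")
public class WidgetResource {
    @GET
    @Path("/{id}")
    public Response get(@PathParam("id") String id) { return null; }
    @POST
    @Consumes("multipart/form-data")
    public Response upload(FormDataMultiPart body) { return null; }
    private void helper() {}
}
'''

def join_path(base, sub):
    parts = [p.strip("/") for p in (base, sub) if p.strip("/")]
    return "/" + "/".join(parts)

def inventory(java_source):
    """Return one dict per annotated resource method in the source text."""
    routes, pending, base, cls = [], {}, "", None
    for line in map(str.strip, java_source.splitlines()):
        m = ANNOTATION.match(line)
        if m:  # collect annotations until the declaration they decorate
            pending[m.group(1)] = m.group(2) or ""
            continue
        c, d = CLASS_DECL.search(line), METHOD_DECL.search(line)
        verbs = VERBS & pending.keys()
        if c:  # class-level @Path is the prefix for every method below it
            cls, base = c.group(1), pending.get("Path", "")
        elif verbs and d:
            routes.append({
                "verb": sorted(verbs)[0],
                "path": join_path(base, pending.get("Path", "")),
                "handler": f"{cls}.{d.group(1)}",
                # multipart consumers are upload handlers: review these first
                "upload": "multipart" in pending.get("Consumes", ""),
            })
        if line:  # blank lines do not separate annotation from declaration
            pending = {}
    return routes
```

Running `inventory` over each `.java` file in a source tree gives reviewers a list of exposed handlers; multi-line or named-argument annotations need a real Java parser rather than these regular expressions.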