About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Solarwind Auth Bypass- 349

CERT Coordination CenterPosted 5 Years Ago
  • By including the Request.PathInfo parameter with the SkipAuthorization flag, all auth can be skipped on the API. With this auth bypass, arbitrary commands can be used on the remote machine to pop a shell.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed