It is increasingly common to encounter open-source projects during Red Team engagements. Given the time and efficiency constraints of such assessments, it is always enjoyable to discover "quick-win" 0-day vulnerabilities that allow us to progress in the intrusion and pivot to critical networks or services. In this talk, we describe a methodology that allowed us to quickly discover numerous critical vulnerabilities in a widely adopted project, GLPI. We will also discuss these findings, the security mechanisms that were implemented, and how they were defeated.
Thomas Chauchefoin (Synacktiv), Julien Szlamowicz (Synacktiv)
Thomas and Julien are two security researchers working at Synacktiv. They are mostly interested in web security and have had the opportunity to practice it over several years of penetration testing and red team engagements.