Application Security, Responsible Disclosures

How I discovered RCE through a Misconfigured plugin

We have seen a lot of applications where some sub-domains or sub-directories are publicly exposed (intently or by mistake). So, with experience from our past pentests we have made a habit of testing  for vulnerable or accessible sub-domains. During one of such testing, I was manually testing the URLs of different sub-domains of the...

by Ankit Giri
Tag: grails console
13-Jan-2016

Grails

GroovyShell.evaluate() : The magician behind Grails Console

Grails console is one plugin that we install as soon as we create a new application. The power and the purpose of the utility is too good to be missed. On one such occasion, I decided to dig the code in the plugin and discovered the magic trick that executes the string that we type in the web interface. Turned out that...

by Vivek Krishna
Tag: grails console
05-Sep-2012