<![CDATA[tobsec's blog]]>https://tobsec.comRSS for NodeTue, 07 Apr 2026 19:55:53 GMT60<![CDATA[PowerFolder <17.3 affected by Information Disclosure Vulnerability (CVE-2022-38793) #CampusCloud]]>https://tobsec.com/powerfolder-below-v17-3-affected-by-information-disclosure-vulnerability-cve-2022-38793-campuscloudhttps://tobsec.com/powerfolder-below-v17-3-affected-by-information-disclosure-vulnerability-cve-2022-38793-campuscloudSun, 28 Aug 2022 10:50:11 GMTVendor of Product: dal33t GmbH

Affected Product Code Base: PowerFolder <17.3

Affected Component: list of share links (powerfold.er/linkstable)

Vulnerability Type: Incorrect Access Control

Impact: Information Disclosure

Attack Type: Remote

Attack Vectors: authenticated, logic flaw exploit

Has vendor confirmed or acknowledged the vulnerability? Yes

Reference: https://powerfolder.atlassian.net/wiki/spaces/PF/pages/2150072341/PowerFolder+Server+17+SP3

Suggested description: In dal33t PowerFolder before 17.3.102, an authenticated attacker can obtain a list of all file-share links of all users, even though the intended behavior is to obtain the list of only this user's own links.

To exploit this, the attacker must visit /linkstable before creating any folder of their own.

This vendor tracks this issue as "INT-642 - Link visibility problems when user has no folders."

Discoverer: the developers knew about the vulnerability and its severity but did not inform their customers (dozens of universities and some companies in Germany and abroad).

When I discovered the unpatched vulnerability in my University's CampusCloud and found out the customers haven't been informed by the vendor, I decided to request a CVE and make this publication.

Please, use this information responsibly and only to urge the admins of affected instances to update immediately. The exploit requires a verified personal account and PowerFolder logs any access to those share links.

You can also take a look at the login page's source code to check the version:

image.png

Every version <17.3 is vulnerable.

]]><![CDATA[Cybersecurity Community on Linkedin and Discord]]>https://tobsec.com/cybersecurity-community-on-linkedin-and-discordhttps://tobsec.com/cybersecurity-community-on-linkedin-and-discordThu, 24 Feb 2022 10:59:47 GMTThese are the community resources I feel are the most valuable to me, personally:

Discord:

Linkedin:

If I forgot somebody or a discord link, please, let me know!

]]><![CDATA[This Special Char Can Really SCREW You: RLO (right-to-left override)]]> c...]]>https://tobsec.com/this-special-char-can-really-screw-you-rlo-right-to-left-overridehttps://tobsec.com/this-special-char-can-really-screw-you-rlo-right-to-left-overrideThu, 17 Feb 2022 11:34:52 GMTWindows users, did you know that an .exe or .bat file can look like a .jpg or .png file with the RLO (right-to-left override) character?

Here are two examples: A batch file like comment_space-vs-gnp.bat could look like an innocent PNG image like -> comment_space-vs-tab.png

And an EXE like luxury_picture_delugpj.exe could seem ingenuous as an JPG picture -> luxury_picture_deluexe.jpg

image.png

With an embedded icon the EXE would also look like a picture thumbnail.

How is this possible?

When renaming a file like luxury_picture_delugpj.exe in Windows -> place the cursor where you want the rest of the file name to appear spelled backwards (like luxury_picture_delu[CURSOR-HERE]gpj.exe) -> press the right mouse button -> select Insert Unicode control character (sounds dodgy already, right?) -> and hit RLO -> press ENTER / save the file name -> and it's DONE

image.png

The file name should now appear as in the 1st picture above: luxury_picture_deluexe.jpg. However, it is in fact still the very same EXE.

So, how to avoid getting screwed by an innocent looking ransomware, you may ask?

Simply and as ever before: NEVER TRUST FILE EXTENSIONS!

Plus: Some antivirus solutions might flag such RLO files as suspicious - so you might check out if yours does so.

]]><![CDATA[MUST-HAVE Tool for OSINT, Investigations and Graph Analysis: MALTEGO]]>https://tobsec.com/must-have-tool-for-osint-investigations-and-graph-analysis-maltegohttps://tobsec.com/must-have-tool-for-osint-investigations-and-graph-analysis-maltegoSat, 12 Feb 2022 11:57:08 GMTIf you're interested in #osint, #digitalforensics and #investigation tools and you haven't used or heard of Maltego Technologies' awesome graph analysis solution to this, yet, I can warmly recommend you taking their free essentials course as an insightful and fun introduction: courses.maltego.com/courses/maltego-essentials-v1

#maltego #freecourse #osintforgood #dothefreestufffirst #kalilinux #ethicalhacking #cybersecuity #graphanalytics

]]><![CDATA[How to get into HACKING real QUICK: New Pre-Security Learning Path on TryHackMe!]]>https://tobsec.com/how-to-get-into-hacking-real-quick-new-pre-security-learning-path-on-tryhackmehttps://tobsec.com/how-to-get-into-hacking-real-quick-new-pre-security-learning-path-on-tryhackmeTue, 06 Jul 2021 00:24:43 GMTIf you're even slightly interested in Ethical Hacking and Cyber Security and haven't heard of TryHackMe, I really can't emphasize enough, that you should definitely check it out - I mean like click on that (yes it's a referral, thanks and you're welcome) link now ;)

THM Logo

I personally have participated in a considerable number of CTFs (hacking challenges) by now, rooted some machines on HackTheBox and enjoyed some dedicated Kali Linux training already - and STILL I really enjoy even the basic stuff on THM! Why? I mean, look at it! How nicely it's layed-out, how thoroughly gamified and just how MUCH high-quality CONTENT there is:

as of now there are over 400 public rooms (labs) available

And all of them are deliberately focusing on the point. So, you will learn A LOT real quick.

Screenshot 2021-07-07 at 01-55-54 TryHackMe Cyber Security Training.png

And just recently, THM has released the new Pre Security Learning Path, which allows so-to-say ANYONE with a basic understanding of computers and the internet to learn the most important prerequisites of all those further hacking rooms and learning paths within a couple of days!

Inside the Pre Security Learning Path

Here you can see how they gamified learning "boring" stuff like the OSI-model:

OSI game

And here the TCP 3-way-handshake:

Human TCP Conversation

If you've ever thought something like "one of the things I'll never learn in my life is how to ride the unicycle and hacking", go to tryhackme.com straight away, register and head over to the Pre Security Learning Path and you'll almost certainly be surprised how much fun it can be to learn all this stuff in a gamified byte-sized manner!

Oh, and there might be one more motivation waiting for you – to earn such a fancy-glancy CERTIFICATE with you name on it:

TryHackMe Pre Security Learning Path Certificate

go!

]]>