During an earlier source code review, security analyst X1r0z examined a publicly available Nexus repository and found nothing notable in its JAR (Java Archive) packages. However, after CyberKunlun's recent vulnerability disclosure, the researcher revisited the same repository and developed a proof-of-concept exploit using the Jazzer Java fuzzing framework. Building on earlier entries on the subject, the author decided to share insights on using Java fuzzing to discover vulnerabilities, drawing on that experience and ongoing fuzzing work. The write-up describes at length how the researcher obtained the Nexus source code, set up a debugging environment, and located the vulnerable code in WebResourceServiceImpl by comparing different versions of the code.
Source: GBHackers