MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??

Name: MAJOR EXPLOIT: GitLab was Hacked with an IMAGE??
Uploaded: Jan 19, 2024
Duration: 920 s

213.4K views

Jan 19, 2024

15:20

Try SquareX for free today! 👉 https://sqrx.io/db_yt In this video, we take a deep dive into the GitLab / ExifTool metadata parsing vulnerability, which enables attackers to gain access to GitLab servers via an RCE (remote code execution). Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in escape sequences, code evaluation, and character parsing is critical. JOIN THE DISCORD! 👉 https://discord.gg/WYqqp7DXbm 0:00 - Overview 0:26- Metadata 1:59 - DjVu 2:34 - C Escape Sequences 4:18 - Structure 11:14 - Exploit 13:45 - SquareX Hackerone report https://hackerone.com/reports/1154542 William Bowling’s report https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html Vulnerable code https://github.com/exiftool/exiftool/blob/11.70/lib/Image/ExifTool/DjVu.pm Patch https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031 SquareX socials: Twitter: https://twitter.com/getsquarex LinkedIn: https://www.linkedin.com/company/getsquarex/ Instagram: https://www.instagram.com/getsquarex/ Facebook: https://www.facebook.com/getsquarex Blog: https://labs.sqrx.com/ MUSIC CREDITS: LEMMiNO - Cipher https://www.youtube.com/watch?v=b0q5PR1xpA0 CC BY-SA 4.0 LEMMiNO - Firecracker https://www.youtube.com/watch?v=ulfoU2MziOc CC BY-SA 4.0 LEMMiNO - Nocturnal https://www.youtube.com/watch?v=epmoV2HRs9U CC BY-SA 4.0 LEMMiNO - Siberian https://www.youtube.com/watch?v=5py6E6yo7wk CC BY-SA 4.0 LEMMiNO - Encounters https://www.youtube.com/watch?v=xdwWCl_5x2s CC BY-SA 4.0 #programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #JPEG #encoding #lowlevelsecurity #zeroday #zero-day #cybersecurityexplained #bugbounty #memorymanagement #gitlab #security #cybersecurity #github #git #versioncontrol #breaches #databreaches #bug #bugbounty #pentesting #penetrationtesting #BeFearlessOnline #SquareX #Befearless&SecureOnline #Cybersecurity #Privacy #Security #Cybersec

Download

1 formats

Video Formats

360pmp432.0 MB

Download

Right-click 'Download' and select 'Save Link As' if the file opens in a new tab.