Hi, I’m Ilya and I do security engineering and automation, threat analysis and research.
I’m an occasional open source contributor.
ServeMux and a path traversal vulnerability
As a passionate Go developer, I’ve come to appreciate the language’s simplicity and power. However, even in a well-designed language like Go, security vulnerabilities can lurk in unexpected places. In this post, we’ll explore a common misconception about Go’s ServeMux that can lead to a path traversal vulnerability. TL;DR: Many developers assume that ServeMux always sanitizes URL request paths, but this isn’t always the case. The Issue Consider the following code snippet, where we let the user read the files content in /tmp folder:...
Rapid analyzing Sonar HTTP datasets
Sometimes you need to gather threat intelligence data as quickly as possible, and Rapid7’s Project Sonar Opendata can provide great insights. However, there’s a challenge: you can’t easily grep the HTTP response body with the lovely jq tool because the data field in the resulting JSON is base64 encoded: { "data": "SFRUUC8xLjAgNDAwIEJhZCBSZXF1ZXN0DQpTZXJ2ZXI6IEFrYW1haUdIb3N0DQpNaW1lLVZlcnNpb246IDEuMA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAyMDgNCkV4cGlyZXM6IE1vbiwgMjMgQXByIDIwMTggMDc6NDA6MjkgR01UDQpEYXRlOiBNb24sIDIzIEFwciAyMDE4IDA3OjQwOjI5IEdNVA0KQ29ubmVjdGlvbjogY2xvc2UNCg0KPEhUTUw+PEhFQUQ+CjxUSVRMRT5JbnZhbGlkIFVSTDwvVElUTEU+CjwvSEVBRD48Qk9EWT4KPEgxPkludmFsaWQgVVJMPC9IMT4KVGhlIHJlcXVlc3RlZCBVUkwgIiYjOTE7bm8mIzMyO1VSTCYjOTM7IiwgaXMgaW52YWxpZC48cD4KUmVmZXJlbmNlJiMzMjsmIzM1OzkmIzQ2OzFmMzEzMjE3JiM0NjsxNTI0NDY5MjI5JiM0NjsyNDFiOGFmCjwvQk9EWT48L0hUTUw+Cg==", "host": "REDACTED", "ip": "REDACTED", "path": "/", "port": 80, "vhost": "REDACTED" } While you could probably grep this using a decent bash script, I believe I have a better option....