Posts

Showing posts from July, 2019

Dark ozpy

Image
When Zimbra XXE and SSRF vulnerability has been found and published by tint0 in his blog i actively do the RnD to reproduce it by using Burp Suite and postman. The result is the CVE are working then i do broadcast to my team for the upgrade ASAP because at that time if anyone publishing the exploit it can lead to RCE (remote code execution) which a lot of things can do such as putting backdoor, etc.
Then i create a script for doing automation to scan several vulnerability zimbra (thanks to shodan and google dorks) if it's found then i do fetch some information and a POC after that i send them an email like this.

Simple Python XML/HTML tag builder

When i working with Django sometime i need to write a raw HTML string that will be rendered such as in template tags, etc. Since i also use another web framework (Yii2) which has a lot of utilities, one of the tools is for generating HTML tags with ease. So sometime i miss that a lot while in this situation.
After search through google i found there are some available XML or HTML tag builder but it seems too complex for just my simple needs. so I tend to create one

Solving: another popup event cannot be used in BT4 while modal is open

Issue ini pernah saya alami dulu, namun pada saat sekarang pada saat menggunakan library yang sama ternyata belum fix juga. Untuk reproduce issue ini adalah dengan trigger popup like dialog yang membutuhkan focus diatas modalnya bootstrap 4. maka hasilnya (per tulisan ini dibuat) adalah popup tersebut tidak muncul (karena modal bt4 enforcing paling atas). solusinya adalah dengan disable enforcing focus tersebut dengan kode berikut ini.