Back to directory

WRITEUP #2386

Advanced Inter-Process Desynchronization in SAP’s HTTP Server

RCEMemory corruptionHTTP request smugglingWeb cache poisoningDesync attack

by@tincho_508(Martin Doyhenard)

Program

SAP

Published

Aug 10, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://i.blackhat.com/USA-22/Wednesday/US-22-Doyhenard-Internal-Server-Error-wp.pdf

▸ RELATED WRITEUPS

4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways

RCEBuffer Overflow

Gudifu: Guided Differential Fuzzing for HTTP Request Parsing Discrepancies

OtherWeb cache poisoning

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat