“Freelancer Office” by gitbench privilege escalation vulnerability

Working together with Digital Security Alliance, fulfilling a request to do penetration testing through a client’s infrastructure, we found a privilege escalation vulnerability in “Freelancer Office” by gitbench. The exploit affects all versions above 1.7 (including the current release) and can be done in less than 2 minutes, with a browser as the only required tool. A simple Google Dork, thanks to the script’s copyright, allowed us to find hundreds of vulnerable targets within seconds. All of the targets confirmed that the issue indeed isn’t a false positive. Informing both the author gitbench (via wm@gitbench.com – William Mandai) and distributor Envato, CodeCanyon (via their support channel) is without


“Hacking” into MacBook Pro to Recover files

I quite often receive requests for fixing and reinstalling computers from private clients, which I’ll decline almost every time. This case was different, as the task was actually interesting. The client’s problem was a blue screen right after the Mac booted, meaning it’s impossible to access any files on the computer without removing the hard drive (and thus voiding the warranty). I had done several tests before with Windows to access the filesystem without any kind of authentication requirements, but had never tried that on OS X… yet. So, let’s begin with the setup: 16 GB Kingston Flash An Image (ISO) of
