• GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated) Exploit

    GFI Mail Archiver is a product from GFI Software which is used for archiving emails. It is a product that is used by many organizations to protect and keep their emails backed up and secure. This vulnerability affects GFI Mail Archiver <= 15.1, which is the latest version available right now. The exploit requires no authentication and any type of file can be uploaded to the web server running this application. I decided to release this exploit to the public because GFI refused to fix this vulnerability even after giving them over 4 months of time. https://www.exploit-db.com/exploits/50181

  • Creating a Cheap Rubber Ducky aka Bad USB With Attiny85

    I live in a country where most of the cool gadgets don’t get shipped. Offensive Security doesn’t ship the certificates here, Hak5 doesn’t send their gadgets here, and the list goes on. I really wanted to work with the USB Rubber Ducky from Hak5 when I learned how amazing it was. I sought one for myself, but it wasn’t very long till I found that they do not ship it here or anywhere closer to me. Time passed and one day I came across an article that talked about a programmable USB called Digispark USB Development Board, which uses an Attiny85-based microcontroller, and I knew exactly how this would come in…