In this post we will cover the basics of event logging in Linux systems. We will talk about Syslog: message structure, the best-known implementations and the main configurations. We will also explore the inner workings of Linux logging using UNIX sockets, logger and syslog services. Let’s get to it!
What is Syslog?
Syslog is a standard (RFC 5424) used for log management. This management can be local or remote. Do not confuse the syslog standard with syslog applications such as Syslog-ng, Rsyslog, Nxlog… In some of the best-known Linux distros, such as Ubuntu, Debian or Fedora, Rsyslog is installed by default.
During a recent engagement, our AppSec team faced an interesting instance of limited Server-Side Template Injection in Freemarker. Since we were not able to find any in-depth analysis online of what can be done when certain security restrictions are in place, we decided to write this post, in which we will try to highlight interesting use cases and workarounds for achieving cool things through Freemarker injection.
Scenario
We were tasked with testing a Content Management System (CMS) application used by the client to publish content on their website.
It is widely known how dangerous it can be to use unsanitized data in SQL queries. Besides never appending user-provided data to an SQL query, a valid and secure alternative is to use parameterized queries. One could think that simply using the Content Resolver provided by Android automatically protects SQL queries, but that is not the case if it is used incorrectly. If arguments are concatenated directly into a Content Resolver’s selection parameter, the result can be an SQL injection attack.