Rhino Security Labs

Strategic & Technical Blog

Vulnerabilities Leading to RCE in LabKey Server Biomedical Research Platform

David Yesland
October 29, 2019

This blog post is a walkthrough of the three vulnerabilities we discovered in LabKey Server, a biomedical research platform: Stored XSS (CVE-2019-9758), CSRF leading to RCE (CVE-2019-9926), and XXE (CVE-2019-9757) allowing…

CompleteFTP Server Local Privilege Escalation

Bypassing IP Based Blocking with AWS API Gateway

Escalating AWS IAM Privileges with an Undocumented CodeStar API

Spencer Gietzen

There is an extensive number of individual APIs available on AWS, which also means there are many ways to misconfigure permissions to those APIs. These misconfigurations can give attackers the ability to abuse APIs to gain more privileges…