skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Critical Vulnerabilities Found in PumpkinSpice Application

/ 1 min read

🎃 PumpkinSpice application reveals critical vulnerabilities in HTB challenge. The PumpkinSpice Flask application, designed for local access, was found to have a Stored XSS vulnerability due to improper handling of user input, allowing HTML rendering of addresses. This vulnerability can be exploited in conjunction with a Command Injection flaw present in a route that executes parameters without filtering. Local testing confirmed that an attacker could execute system commands and access sensitive files, including a flag from the root directory. The write-up details the exploitation process, demonstrating how these vulnerabilities can be chained to compromise the application effectively. For further insights, references to relevant security resources are provided.

Source
{entry.data.source.title}
Original