Blog
Sonar's latest blog posts
What is Clean Code?
If you’ve followed us for a while, you most likely noticed that we changed the way we describe what we do: from “code quality” to “continuous code inspection,” then “code quality and code security”… to Clean Code.
But what is Clean Code, and what does it encompass?
dotCMS 5.1.5: Exploiting H2 SQL injection to RCE
In this blog post we will show how to exploit a SQL injection vulnerability (CVE-2019-12872) found by RIPS Code Analysis in the popular java-based content management system dotCMS and how we escalated it to execute code remotely.
Read Blog post >
MyBB <= 1.8.20: From Stored XSS to RCE
This blog post shows how an attacker can take over any board hosted with MyBB prior to version 1.8.21 by sending a malicious private message to an administrator or by creating a malicious post. We use a chain of two security vulnerabilities detected in the code.
Read Blog post >
The Hidden Flaws of Archives in Java
Archives such as Zip, Tar, Jar or 7z are useful formats to collect and compress multiple files or directories in a container-like structure. However, the extraction of archives can introduce security risks which resulted in multiple critical vulnerabilities in popular applications in the past. In this post we explain the risk behind archive extraction and show how to securely extract archives in Java.
Read Blog post >
The NeverEnding Story of writing a rule for argument passing in C++
Here is a story of a rule, from concept to production. While the selected rule is for C++, this story contains interesting insight on the craft of rule development, no matter the target language.
Read Blog post >
WordPress 5.1 CSRF to Remote Code Execution
This blog post reveals another critical exploit chain for WordPress 5.1 that enables an unauthenticated attacker to gain remote code execution (CVE-2019-9787).
Read Blog post >
Announcing the SonarCloud Pipe for Bitbucket Cloud users!
SonarSource is proud to be a launch partner of the Atlassian Bitbucket Pipes. Thanks to the SonarCloud Scan Pipe, you can configure code analysis in your Bitbucket Pipeline in no time.
Read Blog post >
WordPress 5.0.0 Remote Code Execution
This blog post details how a combination of a Path Traversal and Local File Inclusion vulnerability lead to Remote Code Execution in the WordPress core (CVE-2019-8943). The vulnerability remained uncovered in the WordPress core for over 6 years.
Read Blog post >
CTF Writeup: Complex Drupal POP Chain
A recent Capture-The-Flag tournament hosted by Insomni’hack challenged participants to craft an attack payload for Drupal 7. This blog post will demonstrate our solution for a PHP Object Injection with a complex POP gadget chain.
Read Blog post >
WordPress Privilege Escalation through Post Types
A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have (CVE-2018-20152). This lead to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins Contact Form 7 and Jetpack.
Read Blog post >
phpBB 3.2.3: Phar Deserialization to RCE
A new PHP exploit technique affects the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and to take over the entire board (CVE-2018-19274).
Read Blog post >
WordPress Design Flaw Leads to WooCommerce RCE
WordPress Design Flaw Leads to WooCommerce RCEA flaw in the way WordPress handles privileges can lead to a privilege escalation in plugins. This affects for example the popular WooCommerce.
Read Blog post >