- load without any analysis (file header at offset 0x0): r2 -n /path/to/file
- analyze all: aa
- show sections: iS
- list functions: afl
- list imports: ii
- list entrypoints: ie
- seek to function: s sym.main
Product: https://www.npmjs.com/package/string-math
Version: v1.2.2
Vulnerability type: Regular Expression Denial of Service (ReDoS)
CVE ID: CVE-2025-45143
Description: The regex on line 7 of string-math.js is vulnerable to Regular Expression Denial of Service when a long input is provided; in this case a long input of null bytes and tabs eventually causes the application to crash.
Payload used:

Product: https://kwhotel.com/download/kwhotel-free/
Version: v0.47
Vulnerability type: CSV injection
CVE ID: CVE-2023-46400
Description: CSV formula injection in KWHotel Free edition through version 0.47, in the "add guest" functionality. When adding a guest, a CSV injection payload can be embedded in the guest's comment field. The input is not validated and can be exported to a CSV file, resulting in CSV formula injection when the export is opened in a spreadsheet application.
Payload used:
@SUM(44+44)*cmd|' /C powershell'!A0

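As an added example (not KWHotel's code), here is a naive CSV export of a guest record next to a hardened one. The guest rows are constructed for the example; the second guest's comment is the payload from the advisory above. The field names `name`, `room` and `comment` are assumptions, not KWHotel's schema.

```javascript
// Added example, not KWHotel's code: naive CSV export of a guest record next to a
// hardened one. The guest rows are constructed; the second comment is the advisory payload.
const GUESTS = [
  { name: 'Ada Lovelace', room: '101', comment: 'Quiet room please, allergic to "feathers"' },
  { name: 'Mallory', room: '102', comment: "@SUM(44+44)*cmd|' /C powershell'!A0" },
];

// A cell that, after optional leading whitespace, starts with one of these characters is
// evaluated as a formula (=, +, -, @) or handled specially (tab, carriage return) by
// Excel and LibreOffice when the CSV is opened.
const FORMULA_TRIGGER = /^\s*[=+\-@\t\r]/;

// Vulnerable: the value is written out unchanged, so the comment becomes a live formula.
function csvFieldUnsafe(value) {
  return String(value ?? '');
}

// Hardened: neutralize the trigger with a leading apostrophe so the spreadsheet keeps the
// cell as text, then quote the field per RFC 4180 (embedded quotes doubled) so commas,
// quotes and line breaks inside the value cannot alter the row structure.
function csvFieldSafe(value) {
  let s = String(value ?? '');
  if (FORMULA_TRIGGER.test(s)) s = "'" + s;
  return '"' + s.replace(/"/g, '""') + '"';
}

// Serialize rows (header taken from the first row's keys) with the given field encoder.
function toCsv(rows, encodeField) {
  const cols = Object.keys(rows[0]);
  const lines = [cols.map(encodeField).join(',')];
  for (const row of rows) lines.push(cols.map((c) => encodeField(row[c])).join(','));
  return lines.join('\r\n') + '\r\n';
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('--- unsafe ---\n' + toCsv(GUESTS, csvFieldUnsafe));
  console.log('--- safe ---\n' + toCsv(GUESTS, csvFieldSafe));
}
```

The apostrophe stays visible in the cell when the CSV is re-imported, so apply `csvFieldSafe` only to free-text columns such as the comment; numeric columns should be emitted from typed numbers rather than strings, or a leading minus sign would be neutralized too. The `|` in the payload is the DDE separator; it needs no special handling once the leading `@` is neutralized.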
Product: https://www.npmjs.com/package/parse-uri
Version: v1.0.9
Vulnerability type: Denial of Service
CVE ID: CVE-2024-36751
Description: Possible Denial of Service when repeated characters are appended to a URL being parsed. The regex that checks the URL on lines 28 and 29 of index.js is vulnerable to Regular Expression Denial of Service.
GitHub issue: https://github.com/Kikobeats/parse-uri/issues/14

Product: https://www.npmjs.com/package/s3-url-parser
Version: 1.0.3
Vulnerability type: Denial of Service
CVE ID: CVE-2024-25355
Description: The regexes defined on lines 7, 17 and 27 of https://github.com/AntonioRecaldeRusso/s3-url-parser/blob/master/index.js are vulnerable to Regular Expression Denial of Service when a long input is provided, resulting in a crash.
I've managed to reproduce it with this code:
import s3ParseUrl from 's3-url-parser';

Product: https://www.npmjs.com/package/domain-suffix
Version: 1.0.8
Vulnerability type: Denial of Service
CVE ID: CVE-2024-25354
Description: The regex defined on line 28 of https://github.com/ikrong/domain-suffix/blob/master/src/domainSuffix.ts is vulnerable to Regular Expression Denial of Service. When a long string without a "/" character is passed to the parse function, the call hangs for a long time (10 seconds in this test), and the delay grows as more characters are added.
PoC code:

Product: https://www.npmjs.com/package/urlite
Vulnerability type: Regular Expression Denial of Service
Description: The regex defined on line 1 of https://github.com/alanclarke/urlite/blob/master/lib/pattern.js in the npm package "urlite" is vulnerable to Regular Expression Denial of Service when a long malicious string is passed to the URL-parsing function: the parser hangs for a long time, causing Denial of Service. Sending more requests with the same payload amplifies the effect and can render the service unavailable.
Payload that was used:
var payload = '//:' + '\t:\t'.repeat(90000) + '\t'

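The domain-suffix and urlite entries above both describe the same symptom: a hang that grows as more characters are added. As an added example, not code from urlite, domain-suffix or any other project, here is a timing-based check that tells catastrophic backtracking from linear matching on payloads of the same shape as the one above. `EVIL_RE` and `SAFE_RE` are illustrative stand-ins for a nested-quantifier pattern and its rewrite; they are not the regexes from pattern.js or domainSuffix.ts, and the payload is constructed for the example.

```javascript
// Added example, not code from urlite, domain-suffix or any other project: a timing-based
// check that separates catastrophic backtracking from linear matching. EVIL_RE and
// SAFE_RE are illustrative stand-ins for a nested-quantifier pattern and its rewrite;
// they are not the regexes from pattern.js or domainSuffix.ts.

// Nested quantifier over an overlapping class: on a failing input of tabs and colons the
// engine tries every way to split the run between the outer '*' and the inner '+'.
const EVIL_RE = /^([\t:]+)*\t$/;
// Accepts exactly the same strings, with no nesting: one greedy class, then the final tab.
const SAFE_RE = /^[\t:]*\t$/;

// Constructed payload with the shape of the advisory's: n blocks of "\t:\t", then a
// character outside the class so the match must fail and the engine has to backtrack.
function buildPayload(n) {
  return '\t:\t'.repeat(n) + '!';
}

// Wall-clock milliseconds for `reps` calls of re.test(), after one untimed warm-up call
// (the warm-up also lets V8 tier the regex up to native code before it is timed).
function timeMatch(re, input, reps = 1) {
  re.test(input);
  const t0 = performance.now();
  for (let i = 0; i < reps; i++) re.test(input);
  return performance.now() - t0;
}

// Ratio of match time when the payload grows from n1 to n2 blocks. A linear pattern
// stays near n2/n1; exponential backtracking grows by a constant factor per block,
// which is why n1 and n2 only need to differ by one block to expose it.
function growthRatio(re, n1, n2, reps = 1) {
  const a = timeMatch(re, buildPayload(n1), reps);
  const b = timeMatch(re, buildPayload(n2), reps);
  return b / Math.max(a, Number.EPSILON);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('evil, 7 -> 8 blocks: x' + growthRatio(EVIL_RE, 7, 8).toFixed(1));
  console.log('safe, 30000 -> 60000 blocks: x' + growthRatio(SAFE_RE, 30000, 60000, 50).toFixed(1));
}
```

Keep the sizes small for the suspect pattern (a few blocks are enough, since each extra block multiplies the time) and large for the control (tens of thousands of blocks, many repetitions) so that both measurements are well above timer resolution. A ratio far above `n2 / n1` on a one-block increase is the signal to rewrite the pattern or to stop feeding unbounded input to it.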
[NAME OF AFFECTED PRODUCT(S)]
- https://pkg.go.dev/github.com/whilp/git-urls v1.0.0
[AFFECTED AND/OR FIXED VERSION(S)]
- v1.0.0
- Status: not fixed
[VULNERABILITY]
Description: The regex on line 10 of https://github.com/teomantuncer/node-email-check/blob/main/main.js is vulnerable to Regular Expression Denial of Service: a malicious string causes the application using the package to hang.
Proof of concept code to test it:
const emailCheck = require('node-email-check');
// async request with MX check
//await emailCheck.isValid('[email protected]');
// sync request without MX check
Regular Expression Denial of Service in the urlnorm package on https://crates.io/crates/urlnorm
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs.
The regex defined on line 37 of https://github.com/progscrape/urlnorm/blob/main/src/lib.rs, used for trimming .html and other extensions when normalizing the URL, is vulnerable to Regular Expression Denial of Service when malicious input is provided.
PoC code:
| ''' | |
| use url::Url; |