This story was originally published on HackerNoon at:
https://hackernoon.com/one-empty-header-to-admin-how-an-auth-bypass-breaks-openbullet2.
Five vulnerabilities in OpenBullet2: an empty API key, path traversal, RCE, and an NTLM hash leak.
This story was written by @vognik.
This article walks through 5 CVEs: an empty X-Api-Key header that bypasses authentication by default, arbitrary C# and script-file execution, a wordlist path traversal granting arbitrary file read/write/delete as root, and an NTLMv2 hash leak on Windows.