From Code Analysis to RCE (CVE-2023-22953)
TL;DR:
In this article, I detail my journey of discovering CVE-2023-22953 through a source code review process. I explain the steps involved, including taint analysis, manual code review, runtime debugging, and flow analysis. By following these methods, readers can gain insights into identifying and addressing vulnerabilities within their own codebase effectively.
Index
- Introduction
- Data flow analysis
- source & sink concept
- Understanding the code
- manual code review
- automated code review
- SARIF format (SARIF viewer / explorer)
- Spotting the vulnerability
- Runtime debugging
- Setting up the environment
- Verifying the vulnerability
- Runtime debugging
- PHP Insecure deserialization
- Exploitation deserialization
- ROP vs POP
- Custom gadget chain
- Final Exploit
This post is licensed under CC BY 4.0 by the author.