[goshs] Part #3 - I can haz featurez?

In this blog post I will add a few new features to our beloved goshs. I will give the user the opportunity to upload files to the current directory. Also I will implement a self-signed certificate and tls for the webserver. Finally there will be basic authentication.
Read more →

[goshs] Part #2 - Trying to achieve code quality

In this blog post I will pickup the progress of the previous post and I will try to achieve some kind of code quality by splitting up the code and outsourcing the handler into an own “class”.
Read more →

[goshs] Part #1 - My take on SimpleHTTPServer in go

In this blog post I will describe how I replicated python’s SimpleHTTPServer functionality in go using only the standard libraries. This is a very technical post and will guide through the complete implemention of it. It is aimed at go beginners and intermediates.
Read more →

[CVE-2020-14293] and [CVE-2020-14294] 2 vulnerabilities in Secure File Transfer Solution Qiata by Secudos

The Secure File Transfer Solution Qiata by Secudos suffers from two vulnerabilities. One persistent Cross-Site Scripting and one Authenticated OS Command Injection with Privilege Escalation. This post will describe the vulnerabilities in detail.
Read more →

[CVE-2020-15492] INNEO Startup Tools 2017/2018 - From Path Traversal to RCE

INNEO Startup Tools has a path traversal vulnerablility in versions up to 2018 M040 (13.0.70.3804). This post will show the details of the vulnerability and how to leverage it to gain RCE.
Read more →