Security issues

Here is a collection of security issues I found, disclosed and got fixed as an apprentice! This one is divided into two main parts corresponding to the company I worked with when finding the issues.

First one is Sircon and second SkyLabs. I have a pretty extensive Non Disclosure Agreement with SkyLabs. So anything I publish to the internet around them needs to be approved or clearly not covered by the NDA.

At SkyLabs I fixed the issues myself, but at Sircon they delegated all the boring support to me and the previous apprentice. So there I just disclosed the issue to the responsible person and both of them fixed their respective issues within an hour or so of the disclosure.

Posts

• SkyLabs

  Published 04/07/2022 Updated 23/08/2022
  SkyLabs has surprisingly good stability compared to expectations based on the codebase. I’m guessing it’s a byproduct of Python that let’s us fail pretty safely on almost all endpoints. The in-house development is mainly four services, two JS frontends and two Python Flask backends, all web. These services are a captive portal, it’s API and an admin interface web app and it’s API. We support lots of interesting authentication methods!~ Read More...

• Sircon

  Published 04/07/2022 Updated 08/08/2022
  These guys have a few beefy ass physical servers in their own rack in a supposedly EMP and fire safe room in the basement of their offices. Those physical machines run virtual machines that run WHM/cPanel and whatever PHP app the customer would like. But >90% of their customers are non-technical and just only interact with the default WordPress setup and maybe the e-mail service that comes with their cPanel. Most of the people calling in to their support line has problems using their e-mail, and it’s usually the end user who fucked up. Read More...