Lander Brandt

Student, security researcher, programmer

Recent Posts

Apple ImageIO Denial of Service

published on
#png #bleed #vulnmarketing #infosec #hype. Click the image if you're using Safari.

Application Services is a framework in iOS and OS X which provides what’s known as the Image I/O framework. ImageIO itself is a collection of utilities and data types for parsing various image formats. It’s used in many OS X and iOS applications including: Tweetbot, Safari, Messages, Mail, Preview. Some popular applications that do not use ImageIO include: Chrome, Firefox, Telegram. Given the impact of media processing bugs such as Stagefright, I decided that this would be a good target for fuzzing. Read More...

Finding a CSRF vulnerability in phpBB

published on
The phpBB team released phpBB version 3.1.7-PL1 on Jan 11, 2016, which fixed a CSRF issue I found in the admin control panel BBCode creation form. Since BBCode is basically whitelisted HTML created by admins, this CSRF vulnerability could allow an attacker to inject arbitrary HTML or JavaScript into forum posts. This was my first time looking at phpBB and I was very happy with actually being able to find something with significant impact within a few hours. Read More...

CVE-2016-1902: Symfony SecureRandom

published on
Overview

Recently the Symfony project published a security advisory for the SecureRandom class in their Security component that affects Symfony versions 2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8. On most sane systems there is no problem, but in the event that something goes wrong, SecureRandom::nextBytes() falls back to a custom random number generator which creates insecure random numbers.

Details

The nextBytes() function has three methods of RNG: If the PHP 7 random_bytes() function exists, that is used. Read More...