Ivan Marković

Security consultant and researcher

Long experience in designing and implementing security solutions, mainly oriented towards web, mobile and embedded applications. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public acknowledgements from Microsoft.

Contact via LinkedIn or read interesting stuff on Twitter.


Overview of WordPress websites and their vulnerabilities

Data collected with the "Lovac" script is processed (grep, sed, awk, wc) and then used to create metrics and graphs for threat landscape modeling.

Command injections via USB upgrade in MSTAR Set-Top box products

While I was working on a diagnostic device for some of my clients, I found command injections in MSTAR Set-Top box products. The diagnostic device does not specifically target this vendor, but we used it in the development phase and for testing. The vulnerable functionality is in the automatic USB upgrade process. It is possible to inject additional commands via malicious file names.

Http Parameter Contamination

The original idea of HTTP Parameter Contamination (HPC) comes from the innovative approach found in HPP research: exploring deeper and exploiting strange behaviours in web server components, web applications and browsers that result from contaminating query string parameters with reserved or unexpected characters.

Real-world examples: bypassing the Mod_Security SQL injection rule, bypassing the URLScan 3.1 DenyQueryStringSequences rule.

Overview of Serbian banks security vulnerabilities

Tested in 10 minutes with an internet browser only, three years in a row (2009, 2010, 2011).

Serbian banks owned by public documents

Brief research whitepaper that describes the security risks in information that can be found in document properties and document headers. Year 2011.

Security Researcher Acknowledgments for Microsoft Online Services

The Microsoft Security Response Center (MSRC) is pleased to recognize the security researchers who have helped make Microsoft online services safer by finding and reporting security vulnerabilities.

September 2008, February 2009, March 2009, May 2009, September 2010, January 2011, August 2012

dotCMS Multiple Cross-Site Scripting Vulnerabilities

(CVE-2013-3484) dotCMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting

(SYM12-001, CVE-2011-0550, CVE-2011-0551) Symantec Endpoint Protection Manager 12.1 web console is susceptible to cross-site scripting and cross-site request forgery that could potentially lead to arbitrary code execution.

IT Dashboard "value" Cross-Site Scripting Vulnerability

(SA44033) Ivan Markovic has discovered a vulnerability in IT Dashboard, which can be exploited by malicious people to conduct cross-site scripting attacks.

UltraVNC Viewer Insecure Library Loading Vulnerability

(CVE-2010-5248, SA41208) The vulnerability is caused due to the UltraVNC Viewer loading libraries (e.g. vnclang.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a VNC file located on a remote WebDAV or SMB share.

Axon Virtual PBX Multiple Vulnerabilities

(SA39098) Some vulnerabilities have been discovered in Axon Virtual PBX, which can be exploited by malicious users to manipulate certain data or disclose sensitive information and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Elastix "id_nodo" Local File Inclusion Vulnerability

(CVE-2010-1492) Elastix is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

Huawei HG510 Security Bypass and Cross-Site Request Forgery Vulnerabilities

(EDB-ID: 33648) Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

Exponent CMS Multiple Vulnerabilities

(CVE-2010-5002, SA36703) Some vulnerabilities and a security issue have been discovered in Exponent CMS, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting and SQL injection attacks and to disclose system information.

ESET Remote Administrator Script Insertion Vulnerability

(CVE-2009-0548) Input passed to the "ESET Administrator Additional Report Settings" interface is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in another user's context when the malicious report is viewed. Successful exploitation requires administrative user access.

Vivvo CMS "404 Page Not Found" Cross-Site Scripting Vulnerability

(CVE-2009-0466) Vivvo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Kerio MailServer WebMail Cross-Site Scripting Vulnerabilities

(CVE-2008-5760) Kerio MailServer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

SquirrelMail Malformed HTML Mail Message Script Insertion

(CVE-2008-2379) A cross-site scripting (XSS) vulnerability was discovered in the SquirrelMail web interface, which allows injection of arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious e-mail message in HTML mode.

Link CMS Cross-Site Scripting and SQL Injection

(CVE-2006-6387) Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities

(CVE-2006-4822) emuCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

vtiger CRM Multiple Vulnerabilities

(CVE-2006-4617, CVE-2006-4588, CVE-2006-4587) The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules.

SD Studio CMS SQL Injection Vulnerabilities

(CVE-2006-391) SD Studio CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.

sNews "search_query" Cross-Site Scripting Vulnerability

(CVE-2006-3916) Input passed to the "search_query" parameters in snews.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.