News Score: Score the News, Sort the News, Rewrite the Headlines
7.2

Security researcher chains SSRF vulnerabilities, ClickHouse SQL escaping zero-day, and default PostgreSQL credentials to achieve remote code execution in PostHog analytics platform during 24-hour vendor evaluation

mdisec.com #

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain (ZDI-25-099, ZDI-25-097, ZDI-25-096) - Mehmet Ince @mdisec

It was yet another day at the office. Our team was internally discussing moving to a different platform analytics solution. Our team was really leaning more towards Posthog. It’s one of the brilliant -I personally believe it’s the best- products on the market. And that’s where the story has begun… We have a somewhat unconventional—some might say non-scalable—approach to vendor selection. Before we seriously consider adopting a product, we give ourselves a strict 24-hour “research window.” Not a ...

Read more at mdisec.com

© News Score  score the news, sort the news, rewrite the headlines
Leaderboard Submit About