SensePost
The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938
Reading time: ~11 min
Posted by Hector Cuesta on 28 October 2019
Categories: Cve, Exploit, Variant analysis, Vulnerability research, Code analysis, Cve-2019-15937, Cve-2019-15938, Ql, Semmle, Vulnerability
Intro

This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found...