
FuguHub 8.1, a web and file server, was found to have a critical vulnerability that allowed unauthenticated attackers to download the server's RSA private key. This flaw stemmed from an insecure default configuration or a specific URL path that exposed sensitive server files.

Discovered by security researchers, the vulnerability meant an attacker could potentially decrypt past and future TLS/SSL encrypted communications. This also enabled them to impersonate the server, leading to severe man-in-the-middle attacks.

The disclosure of a private key is considered one of the most severe security breaches for any server. FuguHub subsequently released an update to address this issue. Users running affected versions were strongly advised to update their software immediately and regenerate their RSA private keys and associated certificates to mitigate the risk.

=============================================================================================================================================
| # Title : FuguHub 8.1 Public Disclosure RSA Private Key in Web-Accessible Documentation |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 145.0.2 (64 bits) |
| # Vendor : http://fuguhub.com |
=============================================================================================================================================

[+] References : https://packetstorm.news/files/id/213256/ & CVE-2025-65790

[+] Summary : A web-accessible documentation file was found to contain an embedded RSA private key paired with an X.509 certificate.
The affected file resides within an examples directory and is intended solely for demonstration purposes.

[+] POC :

Path : /ba/doc/en/examples/servercon.txt

demo : http://127.0.0.1/fuguhub/ba/doc/en/examples/servercon.txt

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
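
For administrators checking their own installation for the condition summarized in the advisory (a private key paired with a certificate inside a file under the served documentation tree), the following is an added example, not code from the advisory or from FuguHub. The function names, the sample file name and the placeholder key and certificate bodies are constructed for illustration.

```python
import re
from pathlib import Path

# PEM armor for private keys: PKCS#1 (RSA), SEC1 (EC), DSA, PKCS#8 (plain or encrypted), OpenSSH.
KEY_RE = re.compile(
    r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY)-----"
    r".*?-----END \1-----", re.DOTALL)
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----")


def scan_docroot(docroot, max_bytes=5_000_000):
    """Return one finding per PEM private key embedded in any file under docroot."""
    findings = []
    for path in sorted(Path(docroot).rglob("*")):
        if not path.is_file() or path.stat().st_size > max_bytes:
            continue
        # latin-1 decoding never fails and leaves the ASCII armor lines intact.
        text = path.read_bytes().decode("latin-1")
        for m in KEY_RE.finditer(text):
            findings.append({
                "file": path.relative_to(docroot).as_posix(),
                "line": text.count("\n", 0, m.start()) + 1,
                "key_type": m.group(1),
                "encrypted": (m.group(1).startswith("ENCRYPTED")
                              or "Proc-Type: 4,ENCRYPTED" in m.group(0)),
                "paired_with_cert": bool(CERT_RE.search(text)),
            })
    return findings


def build_sample_tree(root):
    """Constructed sample tree; the key and certificate bodies are placeholders."""
    doc = Path(root, "doc", "examples")
    doc.mkdir(parents=True)
    (doc / "sample-config.txt").write_text(
        "-- example server setup (constructed)\n"
        "cert = [[\n-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
        "-----END CERTIFICATE-----\n]]\n"
        "key = [[\n-----BEGIN RSA PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n"
        "-----END RSA PRIVATE KEY-----\n]]\n")
    (doc / "readme.txt").write_text("Mentions PRIVATE KEY in prose only.\n")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_docroot(build_sample_tree(tmp)):
            print(finding)
```

Any finding under a directory the server publishes should be treated as a disclosed key: remove the file from the served tree and confirm that no certificate in use shares that key pair.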
