HTB Sorcery CTF: Rust Macro Flaw Enables Neo4j Cypher Injection Chain

·1 views

A Hack The Box challenge called Sorcery demonstrates a multi-stage attack chain exploiting three CVEs across a Rust web app, Neo4j graph database, and Gitea instance. The first vulnerability involves a JWT authentication bypass where the server mistakenly uses its own public RSA key as an HMAC secret, allowing attackers to forge admin session tokens using publicly available key data. A second flaw in the code-search endpoint directly concatenates user input into Cypher queries, enabling injection attacks that can leak password hashes or trigger outbound network calls via Neo4j's APOC procedures. The third and most notable bug originates in a custom Rust derive macro that auto-generates Cypher query fragments from struct fields, where a subtle typo in the macro's AST traversal introduces an unsanitized field identifier into database queries. Together, the chain illustrates how a low-severity macro authoring mistake can escalate into full database compromise without ever directly accessing the Neo4j port.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Why AI Agent Limits Are a Chance to Sharpen Your Engineering Skills

Running multiple AI agents simultaneously can feel powerful, but users quickly encounter hard limits in the form of token quotas, costs, and wait times that halt progress entirely. When agents go idle, developers are left with idle time that the author argues is better spent on reflection than on reflexively buying more tokens. The article draws a parallel between mentoring junior human colleagues and actively reviewing and questioning the decisions made by AI agents, treating the interaction as a two-way learning process. Engaging critically with an agent's output — asking it to explain its reasoning — is presented as a practical way to build the deeper engineering mindset that makes someone a more effective AI collaborator. The core message is that human judgment, skill-building, and deliberate review remain the most efficient optimizers of time, money, and token usage.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How to Build a Production-Grade Authentication System Using NestJS

A developer has shared a guide on constructing a robust, production-ready authentication system using the NestJS framework. The project covers key security practices essential for real-world applications. The accompanying source code has been made publicly available on GitHub for developers to reference and use. The repository, hosted under the username PeaceMelodi, is titled 'secure-authentication-api'. The resource targets developers looking to implement reliable authentication in their NestJS projects.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Solo founders should choose alert tools based on required action, not habit

A solo SaaS founder initially defaulted to Slack for real-time alerts due to familiarity from past jobs. After reconsidering, they adopted a new mental model: the right notification tool should be chosen based on what action the alert will trigger, not personal preference. The key principle they settled on is that if you cannot define a clear action to take after receiving a notification, it does not need to be real-time. The founder also noted that a daily digest is often more informative than dozens of individual pings throughout the day. They are still implementing this approach for their own SaaS but consider the framework itself well established.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds PocketDex Tracker to Manage Pokemon TCG Pocket Collections

A developer has released PocketDex Tracker, a web app designed to help Pokemon TCG Pocket players manage and track their card collections. Built with Next.js App Router, React 19, and Supabase, the app lets users mark cards as owned or missing, monitor set completion progress, and search by name, rarity, or type. Supabase handles authentication and a Postgres database with row-level security, ensuring each user's collection data remains private. The app also features a pack recommendation engine that calculates expected pull odds based on cards a user still needs. The project is live on Vercel and open-sourced on GitHub under the repository mwiginton/pocketdex-tracker.

0 comments Read more at DEV Community