WordPress Adicon Server version 1.2 suffers from a remote SQL injection vulnerability.MD5 | d0bd6a62cfc951cd0d1973abf8618e9b Download Source:packetstormsecurity.com
Finding the right exploit code
I am often looking for the right exploit code, to test and learn from in a lab setting, adapt and use during a penetration test, or to help determine the risk level of a finding during a risk assessment. An exploit is a small program, which exploits a specific vulnerability present in a software program. It […]
Reflected XSS on ws-na.amazon-adsystem.com(Amazon)
This is newp_th. This issue is very similar to my previous report on Reflected XSS on Stack Overflow. It was much easier than before, Just append a malicious payload “><script/k/>alert(113)</script/k/> to parameter. Few weeks after reporting this issue to amazon security team, I got a reply that issue has been resolved and to verify it again. On […]
BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account”
Hi Guys, A pending writeup about a very simple and yet critical vulnerability by which I was able to takeover any user account in a popular Online Shopping Portal. Let’s see what was the complete scenario — The most crucial part in software development when it comes to security is the integration. Majority of security […]
Wapiti – The Black Box Vulnerability Scanner for Web Applications
Wapiti is an open source tool that scans web applications for multiple vulnerabilities including data base injections, file disclosures, cross site scripting, command execution attacks, XXE injection, and CRLF injection. The database injection includes SQL, XPath, PHP, ASP, and JSP injections. Command execution attacks include eval(), system(), and passtru() vulnerabilities. Besides identifying the aforesaid vulnerabilities, […]
Sitadel – An Open Source Tool for Finding Web Application Vulnerabilities
Sitadel is a python based web application scanner. It’s flexible and has many different scanning options. It can get a full fingerprint of a server and bruteforce directories, admin pages, files etc. Also, it can search for injection type attacks (slq, html, xss, rfi, ldap and more), other information disclosures and popular vulnerabilities. Installing Sitadel […]
EU Offering Cash Bounty Incentives For Finding Security Flaws in Open Source Tools
The European Union (EU) is back with a third edition of its Free and Open Source Software Audit (FOSSA) plan of action for 2019. As a security audit measure, FOSSA relies on its bug bounty programme. This covers numerous open source projects like VLC, Apache, Filezilla, Kafka and more. EU has reserved the highest allocation towards […]
Recent Ransomware Affected Multiple US Based Newspaper Publications
Recent Ransomware Affected Multiple US Based Newspaper PublicationsWelcome to WordPress. This is your first post. Edit or delete it, then start writing! The end of 2018 didn’t go as smoothly as we wished. As disclosed, a massive malware attack disrupted the distribution of print based newspapers. The reports revealing more details have held the Ryuk […]