Entries of April, 2010

I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was just published some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test. I. Introduction Tools like Nessus and Nmap are indispensable when it comes down to security […]

(Continue reading…)

View the original advisory here. This is most probably the most funny advisory I ever published. I found some decent vulnerabilities within the code of the very popular counter “chCounter”. It is fact a very cool counter. Simply implement the counter file into your website and view the stats in the admin backend. >> #1 […]

(Continue reading…)

The community manager of Xen.org just announced the availablity of a new overview of the Xen.org history: http://www.xen.org/community/xenhistory.html It is very interesting for those who have been following Xen since it emerged in the world of virtualization. For me, the highlight of the history page are the old documents from 2005: http://www.xen.org/xensummit/xensummit_2005.html Some of those […]

(Continue reading…)

Please view the advisory here. The small guestbook “Sethi Family Guestbook” suffers from several XSS vulnerabilities. Please read the advisory for details.

(Continue reading…)

View the advisory here. The image gallery script “Auto-Img-Gallery” suffers from a XSS vulnerability. Furthermore SQL injection might be possible since I got some SQL errors just by browsing trough the script and playing around with the URI. Still need to find out if there is a way to exploit this.

(Continue reading…)

Please view the txt advisory here. The actually very nice guestbook “Guestbook PHP” suffers from a XSS vulnerability. The guestbook fails to properly sanitize the user input when a new entry is added. When HTML/Java Script code is added, it gets displayed/parsed when the new entry was successfully submitted. Furthermore the code gets executed when […]

(Continue reading…)

View the original advisory here. >> Product information Name = FlashCard Vendor = tufat.com Vendor Website = http://www.tufat.com/script9.htm Affected Version(s) = Only tested with 2.6.5, other versions may also be affected >> #1 Vulnerability Type = XSS Example URI = flashcard/stateless/cPlayer.php?id=”><iframe src=http://www.google.de>

(Continue reading…)

Please view the original advisory here. The very popular download manager dl_stats suffers from various vulnerabilities. #1 SQL Injection #2 XSS #3 Unprotected Admin Panel The vendor seems to have rewritten the software, since version 2.0 dl_stats is no longer vulnerable to SQLI and XSS. But… 90 percent of the websites using dl_stats did NOT upgrade […]

(Continue reading…)

Since 2009, Milw0rm seems to be “dead” and no longer up2date. But there is hope During the last months other websites have emerged and other ones have attracted more attention than before. I want to show you 17 ways to obtain your latest Vulnerabilities && Exploits && Advisories elsewhere: http://nvd.nist.gov http://secunia.com http://inj3ct0r.com http://www.expbase.com http://www.exploit-db.com http://www.sebug.net […]

(Continue reading…)

The Joomla component com_joltcard suffers from a SQL injection vulnerability. Vulnerable Parameter(s) cardID Example URI index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X +AND+1=2+UNION+SELECT+concat(database())– Selected information gets only displayed within the HTML source code (look at <OBJECT> tag). Please view the advisory here.

(Continue reading…)