Skipfish is scanning VPS is heavy occupied skipfish_5 Cancel the scan Skipfish generated report Skipfish help

Penetration Testing with Google’s Skipfish (Debian/Ubuntu)

I recently had the time to test Google’s Skipfish. It is a fully automated penetration testing tool and was just published some weeks ago. This little tutorial will show Debian/Ubuntu users how to install it and perform the first test. I. Introduction Tools like Nessus and Nmap are indispensable when it comes down to security […]... Read More

chCounter indirect SQL Injection and XSS Vulnerabilities

View the original advisory here. This is most probably the most funny advisory I ever published. I found some decent vulnerabilities within the code of the very popular counter “chCounter”. It is fact a very cool counter. Simply implement the counter file into your website and view the stats in the admin backend. >> #1 […]... Read More history

The community manager of just announced the availablity of a new overview of the history: It is very interesting for those who have been following Xen since it emerged in the world of virtualization. For me, the highlight of the history page are the old documents from 2005: Some of those […]... Read More

Auto-Img-Gallery XSS Vulnerability

View the advisory here. The image gallery script “Auto-Img-Gallery” suffers from a XSS vulnerability. Furthermore SQL injection might be possible since I got some SQL errors just by browsing trough the script and playing around with the URI. Still need to find out if there is a way to exploit this.... Read More

Guestbook PHP XSS Vulnerability

Please view the txt advisory here. The actually very nice guestbook “Guestbook PHP” suffers from a XSS vulnerability. The guestbook fails to properly sanitize the user input when a new entry is added. When HTML/Java Script code is added, it gets displayed/parsed when the new entry was successfully submitted. Furthermore the code gets executed when […]... Read More

FlashCard XSS Vulnerability

View the original advisory here. >> Product information Name = FlashCard Vendor = Vendor Website = Affected Version(s) = Only tested with 2.6.5, other versions may also be affected >> #1 Vulnerability Type = XSS Example URI = flashcard/stateless/cPlayer.php?id="><iframe src=>... Read More

dl_stats Multiple Vulnerabilities (SQLI, XSS, Unprotected Admin Panel)

Please view the original advisory here. The very popular download manager dl_stats suffers from various vulnerabilities. #1 SQL Injection #2 XSS #3 Unprotected Admin Panel The vendor seems to have rewritten the software, since version 2.0 dl_stats is no longer vulnerable to SQLI and XSS. But… 90 percent of the websites using dl_stats did NOT upgrade […]... Read More

17 Milw0rm alternatives – or: 17 ways to obtain your latest Vulnerabilities/Advisories/Exploits elsewhere.

Since 2009, Milw0rm seems to be “dead” and no longer up2date. But there is hope 😛 During the last months other websites have emerged and other ones have attracted more attention than before. I want to show you 17 ways to obtain your latest Vulnerabilities && Exploits && Advisories elsewhere: […]... Read More

Joomla Component com_joltcard SQL Injection Vulnerability

The Joomla component com_joltcard suffers from a SQL injection vulnerability. Vulnerable Parameter(s) cardID Example URI index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X +AND+1=2+UNION+SELECT+concat(database())– Selected information gets only displayed within the HTML source code (look at <OBJECT> tag). Please view the advisory here.... Read More