WeTab – First impressions and a 15 minutes hands-on (+ comparison to iPad)

During the last days, big skepticism about the WeTab ruled many internet communities. While being excited about the iPad “killer”, many people were afraid of missing features and an “uncompleted” product at the same time. Today, I had the chance to get my hands on this device while visiting the guys of the Linux Magazin (German Linux […]

Joomla Component com_restaurantguide Multiple Vulnerabilities

Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities. >> SQL Injection index.php?option=com_restaurantguide&view=country&id=’&Itemid=69 (id parameter is vulnerable) >> HTML/JS/VBS Code Injection (all input fields, also in the admin backend) It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]

Security / Penetration Testing (Debian/Ubuntu) – Why Google Skipfish fails to be a top-class web vulnerability scanner

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]

com_grid XSS Vulnerabilities closed

In May 2010 I discovered several XSS vulnerabilities within the Joomla components Card View JX and Table JX which were all based on the famous com_grid component. Until now those vulnerabilities remained unpatched. Today I received an email from David Mavec who is one of the guys working on com_grid. According to him, all vulnerabilities […]

Mechbunny PaysiteReviewCMS Permanent XSS Vulnerabilities

Please view the original advisory/exploit here. The PaysiteReviewCMS from the vendor Mechbunny suffers from Permanent Cross-Site Scripting vulnerabilities. Additional comment: The script image.php is used to include images with specific parameters, such as the image width. This script might be affected by other vulnerabilities as well.

Xen.org Community Manager Stephen Spector says Goodbye

Stephen Spector, Community Manager of Xen.org, announced yesterday that he is about to leave the Xen.org community and is looking forward to a new position. During the past three years, Stephen did an awesome job on connecting all sorts of Xen enthusiasts and various companies. Thanks to him, normal users and system administrators were able to […]