Entries of September, 2010

During the last few days, strong skepticism about the WeTab dominated many internet communities. While people were excited about the iPad “killer”, many were at the same time afraid of missing features and an “uncompleted” product. Today, I had the chance to get my hands on this device while visiting the guys of the Linux Magazin (German Linux […]


Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities. >> SQL Injection index.php?option=com_restaurantguide&view=country&id=’&Itemid=69 (id parameter is vulnerable) >> HTML/JS/VBS Code Injection (all input fields, also in the admin backend) It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]


Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]


In May 2010 I discovered several XSS vulnerabilities within the Joomla components Card View JX and Table JX which were all based on the famous com_grid component. Until now those vulnerabilities remained unpatched. Today I received an email from David Mavec who is one of the guys working on com_grid. According to him, all vulnerabilities […]


I just received a mail from the software vendor Mechbunny saying that the vulnerabilities (which I found earlier today) will most likely be fixed this evening. Thanks for the fast reply and friendly mail!


Please view the original advisory/exploit here. The Joomla component “Racers Online” (com_nkc) suffers from a numeric SQL Injection vulnerability.


Please view the original advisory/exploit here. The PaysiteReviewCMS from the vendor Mechbunny suffers from Permanent Cross-Site Scripting vulnerabilities. Additional comment: The script image.php is used to include images with specific parameters, such as the image width. This script might be affected by other vulnerabilities as well.


Please view the original advisory/exploit here. The Porn Tube Search Script from the vendor Mechbunny suffers from Cross-Site Scripting and Redirection vulnerabilities.


Stephen Spector, Community Manager of Xen.org, announced yesterday that he is about to leave the Xen.org community and is looking forward to a new position. During the past three years, Stephen did an awesome job of connecting all sorts of Xen enthusiasts and various companies. Thanks to him, normal users and system administrators were able to […]
