The sexy side of information security, welcome to PornoSecurity!

A Sneak Preview

Posted on 2008-05-23 15:36:15 in PornoSecurity

Hi there, some time has passed since the last post on this weblog. I'm now auditing a web application written by some Italian guys, and I am focusing on the steps from an SQL Injection to a real command shell. Too often, SQL Injection flaws are considered a low/medium threat because they are frequently [ab]used to conduct low-impact attacks (such as defacing).
This has to change: SQL Injection flaws are a *really* dangerous threat. Here is a sneak preview of some of the (for now) 0-day flaws I discovered in this webapp.
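The point above is that the severity of an SQL Injection flaw has nothing to do with what it has been used for so far; it comes from the fact that untrusted input can change the structure of the query the application runs. As an added illustration (not code from the original post or from the audited application), here is a constructed example against an in-memory SQLite table: `lookup_vulnerable` splices the input into the SQL text, while `lookup_parameterized` keeps the statement fixed and passes the value separately. The table, the user names and the function names are all assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table with a few sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The flaw: the input becomes part of the SQL text itself.

    A value containing a quote can close the string literal and append
    arbitrary SQL, so the caller's intent (match one username) is lost.
    """
    sql = "SELECT username FROM users WHERE username = '%s'" % username
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """The fix: the statement is constant; the driver binds the value.

    Whatever the input contains, it is compared as data against the
    username column and can never alter the query structure.
    """
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    # A tautology in the input (constructed test value, not from the post)
    # turns the vulnerable lookup into "return every row".
    probe = "x' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
```

The parameterized version is the only acceptable shape for a query that takes user input; escaping the quote characters by hand is fragile and is exactly the kind of partial fix that keeps these flaws rated "low/medium" when they should not be.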

I have also discovered some vulnerabilities in some Cisco/Linksys products, and I'm in contact with the Cisco Product Security Incident Response Team (PSIRT) and the Linksys security team to coordinate public disclosure.

More news soon.

Nick