Recent Posts
- Export Address Table Filtering (EMET v2)
- Time of check, time of use
- MalwareDomains.com Serving Malware
- Scary monsters (and super creeps)
- Happy exploit wednesday!
- All you can spray
- Update: PDF sploits in the wild
- PDF sploits in the wild
- Vuln: maildrop Group Permission Dropping Privilege ..
-
maildrop Group Permission Dropping Privilege Escalation ..
- Vuln: Quagga bgpd Null Pointer Deference Denial Of ..
-
Quagga bgpd Null Pointer Deference Denial Of Service Vul..
- Vuln: Quagga bgpd Route-Refresh Message Stack Buffe..
-
Quagga bgpd Route-Refresh Message Stack Buffer Overflow ..
Categories
Comments
- abhi:Hi, I go
- k`sOSe:sorry for that,
- ftk:can you reuploa
- Vincent:Yup, 403.
- DG:403 Forbidden f
- k`sOSe:yep, exactly. t
- Thierry :"assuming
- h4x0r:Yeahhh ! i,m w
- snip:All work and no
- testonly:hi, i tried thi
- k`sOSe:hello w0lf, tha
- w0lf:hello frist of
- k`sOSe:Hi send9, feel
- k`sOSe:heya snip, than
- send9:Nice. I don
- snip:Guido, questa m
- fXsTar:Infernet eXplod
- k`sOSe:yeah indeed, my
- nopper:w00ting club :)
- k`sOSe:well said patri
- k`sOSe:thx
- sweet :cool shit you g
- k`sOSe:Fossi in te ci
- devon:Appena fixano r
PornoSecurity: sexy vulns, porno sploits and the like
A Sneak Preview
Posted on 2008-05-23 15:36:15 in PornoSecurity
Hi there, some time has passed since the last post on this weblog, I'm
now auditing a web application written by some italian guys and I am
focusing on the steps from an SQL Injection to a real command shell.
Too many times SQL Injection flaws are considered as a low/medium
threat due to the fact that they are often [ab]used to conduct low-impact
attacks(such as defacing).This has to change, SQL Injection flaws are a *really* dangerous threat. Here is a sneak preview regarding some of the (for now) 0-day flaws i discovered in this webapp.
I have also discovered some vulnerabilities in some Cisco/Linksys products, and I'm in contact with the Cisco Product Security Incident Response Team (PSIRT) and the Linksys security team to coordinate pubblic disclosure.
More news soon.