I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS
Category: researchblog
An Overview of HTTP Security Headers
During the last few years, a number of new HTTP headers have been introduced whose purpose is to help enhance the security of a website. Some of these headers can be very useful protection against certain types of attacks, but in some cases they are not widely used. This blog post is an attempt […]
How to Protect Against Ransomware Like CryptoLocker
How Ransomware Works: Ransomware such as CryptoLocker typically gets onto your PC either through a phishing email or a web site hosting malware. Ransomware will either encrypt files, make the computer unusable or make threats, all to extort money to fix the problem. CryptoLocker encrypts documents on the computer, shared network drives and connected devices, […]
Kunena Forum for Joomla Multiple Vulnerabilities
The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. The vulnerabilities affect Kunena v3.0.5 and earlier. The blind SQL injection vulnerability affects all pages/tasks that use parameters in the form of “parameter[]”. This is because the array index is not being […]
Effectively Preparing for a Data Breach
Dionach have been providing Cyber Security Incident Response (CSIR) services for a number of years. This includes forensic analysis, root cause determination, and post-intrusion investigation. Based on this experience, we have identified some key areas in which organisations commonly encounter difficulties when responding to a data breach. The act of responding to a data breach can […]
PHP Magic Method Mapping
PHP object injection is one of the more esoteric web application vulnerabilities that we look for in penetration tests at Dionach. A detailed explanation is beyond the scope of this post, but there are a number of good resources available that discuss object injection (such as these
CodeIgniter Session Decoding Vulnerability
When building a new PHP web application, most developers will choose to base it on an existing framework, rather than building it from the ground up themselves. Frameworks have a number of benefits, such as decreasing the time required to develop an application, making it easier to use modern design patterns such as MVC, and […]
CMSmap – A simple CMS vulnerability Scanner
CMSmap is a simple Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment of writing, CMSmap supports WordPress, Joomla and Drupal. This tool saves […]
ISO 27001:2013 Transition
A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005. There will be a transition period for organisations to align their ISMS with the new standard and become certified against ISO 27001:2013. The new standard looks different from its predecessor, […]
MySQL Regex Conditional Errors and SQL Injection
Until a few days ago, I did not know any way of causing MySQL to throw an error based on a condition in a query. There is no documented way of doing this, but sometimes when trying to exploit a non-trivial SQL injection, you face situations where you do need to be able to force […]