While doing a regular web application penetration test for one of our clients, I found a reflected cross-site scripting vulnerability in a very popular application, CKEditor, and more precisely in the module that this application has for Drupal. It was sort of curious, because the vulnerable page was actually the one in charge of checking […]
Tag: web applications
Review of purposefully vulnerable applications to practice hacking
This post will be on the topic of exploitable testing platforms for learning how to conduct a penetration test. I will take you through a few programs I have used and give a bit of information about each and explain how they will help you increase your penetration testing skills. Before you get started There […]
Experience as a Dionach Intern: How I Was Taught
Four months ago I knew very little when it came to hacking – I had tried to look into it a little before, but had fallen into the traps of just reading about topics and not using the knowledge I had gained, or just knowing the basics about certain vulnerabilities and not properly understanding them. […]
ProChatRoom v8.2.0 Multiple Vulnerabilities
I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS
An Overview of HTTP Security Headers
During the last few years, a number of new HTTP headers have been introduced whose purpose is to help enhance the security of a website. Some of these headers can be very useful protection against certain types of attacks, but their use is not widespread in some cases. This blog post is an attempt […]
Kunena Forum for Joomla Multiple Vulnerabilities
The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. The vulnerabilities affect Kunena v3.0.5 and earlier. The blind SQL injection vulnerability affects all pages/tasks that use parameters in the form of “parameter[]”. This is because the array index is not being […]
PHP Magic Method Mapping
PHP object injection is one of the more esoteric web application vulnerabilities that we look for in penetration tests at Dionach. A detailed explanation is beyond the scope of this post, but there are a number of good resources available that discuss object injection (such as these
CodeIgniter Session Decoding Vulnerability
When building a new PHP web application, most developers will choose to base it on an existing framework, rather than building it from the ground up themselves. Frameworks have a number of benefits, such as decreasing the time required to develop an application, making it easier to use modern design patterns such as MVC, and […]
CMSmap – A simple CMS vulnerability Scanner
CMSmap is a simple open-source CMS scanner written in Python that automates the process of detecting security flaws in the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment of writing, CMSmap supports WordPress, Joomla and Drupal. This tool saves […]
MySQL Regex Conditional Errors and SQL Injection
Until a few days ago, I did not know any way of causing MySQL to throw an error based on a condition in a query. There is no documented way of doing this, but sometimes when trying to exploit a non-trivial SQL injection, you face situations where you do need to be able to force […]