How are work, life and things at SecureLayer7

What do we do at SL7? In this blog post we look at work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work involves: working at customer sites or remotely, pen testing web, mobile and infrastructure applications, finding vulnerabilities and building proofs of concept for them. […]

SecureLayer7 Gratis PenTest Summer 2017

Overview: Under Gratis Pentest 2016 we evaluated the security posture of two open source applications, Refinery CMS and PageKit CMS. We perform penetration tests for deserving open source applications as SecureLayer7's contribution to the open source community. We allocate two or three full days from our working hours to yield a […]

Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application

I am a customer of YesBank and hold my savings account with them. I also use YesBank's online banking application, and I strongly feel that they need to look into the security of the bank's application. So, as a responsible client, I disclosed to YesBank the vulnerability I recently found in their […]

Firefox 47.0 Memory Access violation Crash – FIXED

We were working on Firefox browser automation to open a set of URLs for malware analysis, using a combination of Python and Selenium. After a few minutes we stumbled upon a Firefox crash, a memory access violation, as shown in the following image. After a few […]

How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

Red Hat released a patch for CVE-2015-7547, glibc: getaddrinfo stack-based buffer overflow. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]
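A caveat that belongs with any glibc fix: updating the package only replaces the files on disk. Every long-running process (sshd, httpd, named, and so on) keeps the old libc mapped, and with it the vulnerable getaddrinfo(), until it is restarted or the host is rebooted. The script below is an added example, not code from the SecureLayer7 post or from Red Hat's advisory. It scans a /proc-style tree for libc mappings the kernel has flagged "(deleted)" and prints the PIDs that still need a restart; the fake /proc tree it builds for the offline demo, including the PIDs, addresses and inode numbers, is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the SecureLayer7 post or Red Hat's advisory).
# After `yum update glibc` for CVE-2015-7547 the on-disk library is fixed,
# but any process started before the update still has the OLD, unlinked
# libc mapped. The kernel marks such mappings "(deleted)" in
# /proc/<pid>/maps, which is what this scan looks for.

# stale_libc_pids [DIR]: DIR defaults to /proc and must contain <pid>/maps
# files. Prints one PID per line for every process mapping a deleted libc.
stale_libc_pids() {
    dir="${1:-/proc}"
    for maps in "$dir"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # match e.g. "/lib64/libc-2.12.so (deleted)" or
        # "/lib/x86_64-linux-gnu/libc.so.6 (deleted)"
        if grep -E '/libc[^/ ]*\.so[^ ]* \(deleted\)$' "$maps" >/dev/null 2>&1; then
            pid=$(basename "$(dirname "$maps")")
            echo "$pid"
        fi
    done
}

# build_fake_proc: creates a temporary /proc-like tree with two CONSTRUCTED
# maps files (hypothetical PIDs, addresses and inodes) so the scan can be
# exercised offline. Prints the directory path; caller removes it.
build_fake_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/4242" "$root/4243"
    # 4242: started before the update, still maps the unlinked old libc
    cat > "$root/4242/maps" <<'EOF'
7f8a1c000000-7f8a1c1bd000 r-xp 00000000 fd:01 3276804                    /lib64/libc-2.12.so (deleted)
7f8a1c3bd000-7f8a1c3c1000 r--p 001bd000 fd:01 3276804                    /lib64/libc-2.12.so (deleted)
EOF
    # 4243: restarted after the update, maps the patched library on disk
    cat > "$root/4243/maps" <<'EOF'
7f2b5c000000-7f2b5c1bd000 r-xp 00000000 fd:01 3276901                    /lib64/libc-2.12.so
7f2b5c3bd000-7f2b5c3c1000 r--p 001bd000 fd:01 3276901                    /lib64/libc-2.12.so
EOF
    echo "$root"
}

case "${1:-}" in
    --demo)
        d=$(build_fake_proc)
        echo "constructed demo: PIDs still mapping a deleted libc:"
        stale_libc_pids "$d"
        rm -rf "$d"
        ;;
    --scan)
        # real run on this host; run as root to read every process's maps
        stale_libc_pids /proc
        ;;
esac
```

Run `sh check_stale_libc.sh --demo` to see the constructed case (only PID 4242 is reported) and `sudo sh check_stale_libc.sh --scan` after the update on a real host; every PID it prints is a service that still carries the vulnerable resolver code and must be restarted, and if the list includes init or too many daemons to restart safely, reboot.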

Joomla Remote Code Execution Vulnerability Fixed

The Joomla team has just released Joomla 3.4.6 to fix a serious vulnerability: remote code execution. Directly from the Joomla announcement: "Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability." Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]

PreAuth PHP Object Injection Critical Vulnerability in vBulletin Versions 5.1.4 to 5.1.9

On 03 Nov 2015 vBulletin released security patches. vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP object injection, through which an attacker can take control of the website and dump the forum's database. The vulnerability has been released publicly. It is very serious and easy to exploit to compromise […]

Tool to Detect SQL injection vulnerability in Joomla 3.2 to 3.4.4 versions!

We are pleased to announce the release of our new tool, created to detect the SQL injection vulnerability in the affected Joomla CMS versions 3.2 to 3.4.4. To scan your website for the SQL injection vulnerability, please visit here. You can test Joomla 3.4.4 for the SQL injection vulnerabilities having […]

CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

During my regular penetration testing work, I uncovered an interesting 0-day vulnerability: unauthenticated file upload in Oracle E-Business Suite. This upload bug can easily be used to upload files to the web server, and an attacker can also flood the server's hard disk, thus making it easier for an attacker to leverage the vulnerability […]