PreAuth PHP Object Injection Critical Vulnerability in vBulletin Versions 5.1.4 to 5.1.9

vBulletin on 03 Nov 2015 released security patches. The vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP Object injection, where attacker can take control of the website and dump the database of vBulletin forum. It is found that vulnerability is released in the public. This vulnerability is very serious and easy to exploit to compromise […]

Tool to Detect SQL injection vulnerability in Joomla 3.2 to 3.4.4 versions!

It pleases us to announce the release of our new tool that we create in order to detect SQL injection vulnerability in the affected versions of Joomla CMS 3.2 to 3.4.4. So to scan your website for detection of SQL injection vulnerability, please visit here You can test for Joomla 3.4.4 SQL injection for the vulnerabilities having […]

How to Fix Joomla 3.2 to 3.4.4 Core – SQL Injection vulnerability

If you are a Joomla user, just UPGRADE it to the latest version, here or download new installation package here. Joomla officials have announced a new release Joomla! 3.4.5 is now available. Joomla core packages 3.2 to 3.4.4 are vulnerable to a critical vulnerability – SQL injection. The newly released Joomla version fixes the SQL injection vulnerability. […]

Drupal 8.0.0-beta14 Vendor Script Vulnerable to XSS

Overview Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for the purpose of blog posting. For further details, know more about Drupal here. Basically the open source application advantage here was that the source code was at my disposal. While fiddling around with the […]

Malware Detection : Adding glastopf juice to maldet engine

At SecureLayer7, we continuously try to keep our customers updated with the latest threats which could affect their infrastructure and help them secure their perimeter. More than often we devise attack scenarios and then brainstorm to block such attempts. During one such brainstorming session, we took a interesting detour to check a couple of our […]

CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

During my regular penetration testing job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server,thus making it easier for an attacker to leverage the vulnerability […]

WordPress Plugin – Revslider update captions CSS file critical vulnerability

Today was another day at work for SecureLayer7 to recover our client’s defaced website. And bang!! I think I hit upon a nasty vulnerability of a famous plugin. Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled upon its usage over the internet. As it […]

Reason Why Companies should Outsource Vulnerability & Penetration Testing Services

If you are looking to manage everything that relates to web security of your company on your own, then this blog is not for you. On the other hand, if you are looking for a safe hand to secure your web services from vulnerability and other malicious stuff over the internet, please keep reading!! Outsourcing […]

Malware Cleanup: Analysis of an Undetectable web-shell code uploaded via RevSlider Vulnerability

I started my day with my regular Malware Cleanup activity when I came across an interesting backdoor web shell file on the server.  The server is not specific to any particular environment, it was one of the regular update on WordPress package with the plugin RevSlider Plugin ver. 4.1.4 . So I initiated the process to detect the […]