Sandeep Kamble

January 31, 2017

PageKit Open Source CMS Penetration Test

Overview Under the SecureLayer7’s Gratis Pentest Summer 2016, our consultant “Saurabh Banawar” have performed the 2 days penetration testing on the PageKit open source CMS application. […]
October 20, 2016

Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application

I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that […]
August 26, 2016

Google Cloud Print ClickJacking Vulnerability

Last weekend, I had a chance to use the Google cloud print service and found Clickjacking vulnerability. Obviously, X-Frame-Options response header was missing as shown in […]
July 18, 2016

vBulletin SQL Injection Exploit in the Wild CVE-2016-6195

vBulletin SQL Injection Exploit is released. On June 18th, vBulletin forum pushed a patch for the SQLi injection, which is still working on the number of […]
July 17, 2016

Firefox 47.0 Memory Access violation Crash – FIXED

We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to […]
May 17, 2016

SecureLayer7 Gratis PenTest Summer 2016

SecureLayer7 Gratis PenTest Summer 2016 You can now receive free penetration testing for 6 days! What is this about? Your open source software project stands a […]
April 21, 2016

Backdoor PHP code WordPress

We have detected a Backdoor PHP code. It is often hidden in the WP writable directory. This backdoor is used to send PHP code execution.   […]
February 25, 2016

How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A […]
February 25, 2016

Protect Against SQL Injection in ASP.Net

A lot of resources are available for SQL Injection attack, however  I will be focusing on the SQL injection protection sample codes in ASP.net. Wherever I meet developers, […]
Enable Notifications.    Ok No thanks