At SecureLayer7, we continuously try to keep our customers updated with the latest threats which could affect their infrastructure and help them secure their perimeter. More than often we devise attack scenarios and then brainstorm to block such attempts. During one such brainstorming session, we took a interesting detour to check a couple of our […]
CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.
During my regular penetration testing job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server,thus making it easier for an attacker to leverage the vulnerability […]
WordPress Plugin – Revslider update captions CSS file critical vulnerability
Today was another day at work for SecureLayer7 to recover our client’s defaced website. And bang!! I think I hit upon a nasty vulnerability of a famous plugin. Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled upon its usage over the internet. As it […]
Reason Why Companies should Outsource Vulnerability & Penetration Testing Services
If you are looking to manage everything that relates to web security of your company on your own, then this blog is not for you. On the other hand, if you are looking for a safe hand to secure your web services from vulnerability and other malicious stuff over the internet, please keep reading!! Outsourcing […]
Malware Cleanup: Analysis of an Undetectable web-shell code uploaded via RevSlider Vulnerability
I started my day with my regular Malware Cleanup activity when I came across an interesting backdoor web shell file on the server. The server is not specific to any particular environment, it was one of the regular update on WordPress package with the plugin RevSlider Plugin ver. 4.1.4 . So I initiated the process to detect the […]
Google OAuth Target URL and Domain Description Vulnerable to UI redress attack
Over last 3 years, I’ve participated in the Google Reward Program and found some relatively serious vulnerability. Google OAuth Target URL, Upload X.509 Cert and Domain Description Vulnerable to UI Redress Attack is my one of the oldest finding in Google Reward program. UI Redress Attack is basically a well known attack in the Info […]
SecureLayer7 Launches Information Security Testing Services
We are excited to announce the launch of SecureLaye7 Information Security Testing Services. Securelayer7 bring it all together SecureLayer7 provide bunch of comprehensive security services including following . Application Security Testing Service Penetration Testing Service Malware Cleaning Service Server Security Hardening Service Mobile Application Penetration Testing Service Recovering Hacked Site Service Source Code Auditing Service […]
CVE-2015-0235 – How to secure against Glibc Ghost Vulnerability
CVE-2015-0235 Ghost (glibc gethostbyname buffer overflow) Vulnerability is serious cause for all Linux servers. In effect, this vulnerability is leveraged to execute remote end code execution on the victim Linux server. The vulnerability was found By Qualys Researcher and patched in GNU. What is the cause ? The bug is in __nss_hostname_digits_dots() function of the […]