Showing 13 results for: April 2011, Application Security

Reaching Trustwave's WebDefend Minus World

So my inbox lit up today with a Full Disclosure note about a vulnerability in Trustwave's WebDefend. The thing is, while it's an interesting way to get a shell on the box, it's really not "Privilege Escalation" as the poster...

Who's in the Driver's Seat?

Events over the last seven days have dramatically underlined the pitfalls and difficulties of online security to consumers. To kick off, we had the news that both Apple's iPhone and Google's Droid were keeping rather too much data on their...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-84: Hackers access personal info of Lancaster County students Entry Title: WHID 2011-84: Hackers access personal info of Lancaster County...

ModSecurity Advanced Topic of the Week: Integrating IDS Signatures

Snort Web Attack Rules: You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks: emerging-web_server.rules and emerging-web_specific_apps.rules. Identifying attacks against known vulnerabilities does have value in the...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-72: WordPress Hack Could Put Premium Users at Risk WHID ID: 2011-72 Date Occurred: April 13, 2011 Attack...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-67: Hackers attack iTunes Entry Title: WHID 2011-67: Hackers attack iTunes WHID ID: 2011-67 Date Occurred: April 4,...

CSS and XSS in Melodious Harmony

Web application penetration testers, have you ever run into a situation where you can inject into the attribute of a tag and break out of the attribute, but not the tag? For those who can only <script>alert('XSS')</script> this is a...

Analysis of LizaMoon: Stored XSS via SQL Injection

Blended Attacks: More and more of today's web application attacks are leveraging multiple weaknesses, vulnerabilities and attack methods in order to achieve a desired exploitation outcome. It is becoming more and more difficult to neatly place an attack into one...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-61: LizaMoon Mass SQL Injection Attack Points to Rogue AV Site Entry Title: WHID 2011-61: LizaMoon Mass SQL...