Showing 11 results for: January 2012, Application Security

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Canon) used by Anonymous in support of denial of service attacks over the past year. Attackers are constantly changing their tactics and...

TWSL2012-002: Multiple Vulnerabilities in WordPress

Trustwave SpiderLabs has published a new advisory today for multiple vulnerabilities discovered in the WordPress 'setup-config.php' page. These include PHP code execution/persistent cross-site scripting (XSS) vulnerabilities and a MySQL server username/password disclosure weakness. All of these vulnerabilities were discovered...

On Null Byte Poisoning and XPath Injection

Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws, or simulating real-world XPath injection scenarios, similar to SQLol. Among other features, it has challenge...

[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected

Our web honeypots generated the following ModSecurity alert today: [Thu Jan 19 17:55:55 2012] [error] [client 218.145.160.100] ModSecurity: Warning. Pattern match ".*" at TX:950103-WEB_ATTACK/DIR_TRAVERSAL-ARGS:spo_site_lang. [file "/usr/local/apache/conf/crs/base_rules/modsecurity_slr_46_lfi_attacks.conf"] [line "6379"] [id "2074201"] [rev "011712"] [msg "SLR: Simple Page Options Module for Joomla!...

[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected

Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB lists the vulnerability as: phpMyAdmin libraries/auth/swekey/swekey.auth.lib.php Swekey_login() Function Superglobal Session Manipulation Arbitrary PHP Code Execution. Vulnerability Details: The vulnerability lies within the following code snippet of the libraries/auth/swekey/swekey.auth.lib.php...

[Honeypot Alert] Extensive "setup.php" Scanning Detected

The SpiderLabs Research Team has identified an extensive scanning campaign which aims to enumerate the "setup.php" pages from a vast number of blogging and CMS applications. Below are the probes that we saw on our web honeypots today: GET /3rdparty/phpMyAdmin/scripts/setup.php...

[Honeypot Alert] Multiple Local File Inclusion Attacks

Our web server honeypot log analysis has picked up some targeted local file inclusion (LFI) attacks against a few specific PHP components. OpenCart v1.4.9 LFI. Here is the PoC exploit code: ### # Title : OpenCart 1.4.9 LFI Multiple Vulnerability # Author...

Introducing SQLol

At the most recent Austin Hackers Association meeting I unveiled a project I've been working on for a couple of months now called "SQLol". I was helping a colleague to exploit an SQL injection flaw in the wild with a MySQL...