Showing 12 results for: January 2012, Security Research

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Cannon) used by Anonymous in support of denial of service attacks over the past year. Attackers are constantly changing their tactics and...

Cuckoo for Cuckoo Box

Cuckoo Sandbox is an automated, open source, malware analysis system that started as a Google Summer of Code project in 2010. Setting it up on Mac OS X isn't strictly supported, but can be done without too much additional effort.

TWSL2012-002: Multiple Vulnerabilities in WordPress

Trustwave SpiderLabs has published a new advisory today for multiple vulnerabilities discovered in the WordPress 'setup-config.php' page. These include PHP code execution/persistent cross site scripting (XSS) vulnerabilities and a MySQL server username/password disclosure weakness. All of these vulnerabilities were discovered...

On Null Byte Poisoning and XPath Injection

Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws or simulating real-world XPath injection scenarios, similar to SQLol. Among other features, it has challenge...

[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected

Our web honeypots generated the following ModSecurity alert today: [Thu Jan 19 17:55:55 2012] [error] [client 218.145.160.100] ModSecurity: Warning. Pattern match ".*" at TX:950103-WEB_ATTACK/DIR_TRAVERSAL-ARGS:spo_site_lang. [file "/usr/local/apache/conf/crs/base_rules/modsecurity_slr_46_lfi_attacks.conf"] [line "6379"] [id "2074201"] [rev "011712"] [msg "SLR: Simple Page Options Module for Joomla!...

[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected

Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB lists the vulnerability as - phpMyAdmin libraries/auth/swekey/swekey.auth.lib.php Swekey_login() Function Superglobal Session Manipulation Arbitrary PHP Code Execution. Vulnerability Details The vulnerability lies within the following code snippet of the libraries/auth/swekey/swekey.auth.lib.php...

[Honeypot Alert] Extensive "setup.php" Scanning Detected

The SpiderLabs Research Team has identified an extensive scanning campaign which aims to enumerate the "setup.php" pages from a vast number of blogging and CMS applications. Below are the probes that we saw on our web honeypots today: GET /3rdparty/phpMyAdmin/scripts/setup.php...

[Honeypot Alert] Multiple Local File Inclusion Attacks

Our web server honeypot log analysis has picked up some targeted local file inclusion (LFI) attacks against a few specific PHP components. OpenCart v1.4.9 LFI Here is PoC exploit code: ### # Title : OpenCart 1.4.9 LFI Multiple Vulnerability # Author...

Analyzing PDF Malware - Part 2

Where were we? As the title states, this is the second part of Analyzing PDF Malware. If you haven't read the first part you can find it here. Go ahead and read it now if you haven't already, we'll wait....