Showing 10 results for: May 2012, Application Security

HULK vs. THOR - Application DoS Smackdown

SpiderLabs Research Team Contributions from: @jgrunzweig @ethackal @claudijd There was a new web server DoS tool released yesterday called HULK (Http Unbearable Load King). Here is a snippet from the blog page: In my line of work, I get to...

About me, myself and BeEF

Hello followers of SpiderLabs. I'm Michele "antisnatchor" Orru, a new Senior Spider that recently joined the Application Security team in EMEA (London). I love both writing and breaking code. That's why I particularly like source code analysis, debuggers and...

Too XXE For My Shirt

Until tonight, I'd never gotten a chance to try an XML external entity (XXE) attack. Earlier, I was updating XMLmao and XSSmh with the same interface improvements and custom blacklist features already present in SQLol. The idea, eventually, is to...

PHP-CGI Exploitation by Example

Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks running PHP-CGI. It was met with lots of controversy and questions about how it was leaked before a patch was available. What we'll...

Bypass Vulnerabilities in Squid and McAfee Web Access Gateway

About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released two URL filter bypass vulnerabilities for both Squid 3.1.9 and McAfee Web Gateway 7.0 (CVE-2012-2213 and CVE-2012-2212 respectively). At a high level, these vulnerabilities...

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over the past few months. While there have been a number of stories, sites and blogs that analyze the injected JS script tags into the infected...