Showing 14 results for: July 2013

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion Challenge for the community. The purpose of this challenge is to show possible XSS defenses by using ModSecurity and to identify any weaknesses. Challenge Setup...

SpiderLabs Radio July 26, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and covers Barnaby Jack RIP, Apple Dev site rotten to the core, 2M Ubuntus owned, broken SIMs, Paypal youngun's, Touring Not Guilty, Syrian...

SpiderLabs Radio July 19, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and covers Tumblr tumbles, Konami follows Nintendo, Guccifer and the Syrian Electronic Army returns, femtocells still vulnerable, SCADA bug bounty that isn't, Morningstar,...

SpiderLabs Radio July 12, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and covers Defcon uninvites Feds, Secunia - VLC FIGHT!, Emergency Alert System, HD Scans Again, HP PreOwned, Bounty better than FTE, Anon Hits...

XSS, SQLi in OpenEMR 4.1.1

A few tests ago, I came across an OpenEMR install with a weak password for a 'Guest' level account. Using the guest access, mixed with some application issues I found along the way, I was able to eventually compromise the...

Microsoft Patch Tuesday, July 2013 - CRITICAL

This is probably one of the most important Patch Tuesdays we have seen in quite some time. While it is not the biggest Patch Tuesday, either in bulletins or in CVEs, there are a very high number of critical issues...

SpiderLabs Radio July 5, 2013 w/ Space Rogue

This week's episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave SpiderLabs and covers Massive Android hole, Jester vs Snowden FIGHT, Ubisoft, Nintendo, ShadowCrew, JayZ, SouljaBoy, Russel Crowe, Red Hack, Turkish Ajan, NSA is hiring...

Custom Native Library Loader for Android

If you read my co-worker Neal Hindocha's recent post "Debugging Android Libraries using IDA", you'll notice he mentioned using a "custom library loader". We had used this on a recent mobile penetration test to have complete control over some home...

Look What I Found: It's a Pony!

Every once in a while we get to peek into the lion's den. This time we'll be checking out a fairly large instance of the Pony botnet controller, containing a large amount of stolen credentials and other goodies. Pony, for...