Vulnerability29 PHP Vulnerability Hunter All testing was performed on Windows XP and Vista using XAMPP. Each target application was installed, then a full scan was performed. Noteworthy log entries revealing exploitable faults are shown followed by the expoit proof of concepts and resulting advisories.Case Study 1: MODx Revolution 2.0.2-plReflected Cross-site Scripting Log EntryAlert Name: Reflected XSS GET /modx/manager/index.php?serv.. 2011. 11. 21. TimThumb vulnerability (WordPress plugins) Recently a new high risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is a “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.“ TimThumb is included in a lot of WordPress plugins and themes (free and paid). Exploiting this vulnerabilityan attacker can upload and excute a PHP file of hi.. 2011. 11. 11. Metasploit: The Penetration Tester’s Guide It gives me great pleasure to review this book ‘Metasploit – The Penetration Tester’s Guide’, not only because it is written on most popular penetration testing framework but the way it is written doing complete justice to the title!Here is the core information about the book,Title: Metasploit: The Penetration Tester’s GuideAuthor: David Kennedy, Jim O’Gorman, Devon Kearns, Mati AharoniPu.. 2011. 9. 28. Metasploit Framework 3.7.2 Released “The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“ This is the official change log: Statistics: Metasploit now ships wi.. 2011. 6. 22. 2011년 1월 MS 정기 보안업데이트 권고 [MS11-001] MS 윈도우 백업 관리자 취약점으로 인한 원격코드실행 문제 □ 영향 o 공격자가 영향 받는 시스템에 대해 완전한 권한 획득 □ 설명 o 윈도우 백업 관리자(Windows Backup Manager)가 로드하는 라이브러리 파일의 경로를 부적절 하게 검증함으로 인해 취약점 발생 ※ Windows Backup Manager : 윈도우 운영체제 손상 등에 대비하여 백업 및 복구 등을 지원 하는 관리프로그램 o 공격자는 악의적으로 제작된 라이브러리 파일을 윈도우 백업 관리자가 실행되는 위치와 동일 경로에 설치함으로써 임의의 원격코드 실행 가능 o 관련취약점 : - Backup Manager Insecure Library Loading Vulnerability - CVE-2010-3145 o 영.. 2011. 1. 12. 이전 1 2 3 4 5 6 다음
