Advisory: Meditate Web Content Editor ‘username_input’ SQL-Injection vulnerability
Advisory ID: SSCHADV2011-039
Author: Stefan Schurtz
Affected Software: Successfully tested on Meditate 1.2
Vendor URL:
Vendor Status: fixed
EDB-ID: 18202
======================
Vulnerability Description:
======================
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
Well, here is my next article for the German HAKIN9 IT Security Magazine. This time it’s about Web-Security and it holds three examples (XSS, SQL-Injection and Blind SQL-Injection) about how to identify and fix vulnerabilities in web applications. Tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
Enjoy yourself!
Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-031
Author: Stefan Schurtz
Affected Software: Successfully tested on Yet Another CMS 1.0
Vendor URL:
Vendor Status: informed
EDB-ID: 17997
======================
Vulnerability Description:
======================
Yet Another CMS 1.0 is prone to multiple SQL Injection and XSS vulnerabilities
Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-030
Author: Stefan Schurtz
Affected Software: Successfully tested on Site@School 2.4.10
Vendor URL:
Vendor Status: insecure and no longer maintained
CVE-ID: -
======================
Vulnerability Description:
======================
Site@School is prone to multiple SQL Injection and XSS vulnerabilities
Advisory: KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
Advisory ID: SSCHADV2011-027
Author: Stefan Schurtz
Affected Software: Successfully tested on KaiBB 2.0.1
Vendor URL:
Vendor Status: informed
CVE-ID: -
======================
Vulnerability Description:
======================
KaiBB 2.0.1 is prone to XSS and SQL Injection vulnerabilities
Advisory: openEngine 2.0 ‘key’ Blind SQL Injection vulnerability
Advisory ID: SSCHADV2011-026
Author: Stefan Schurtz
Affected Software: Successfully tested on openEngine 2.0 100226
Vendor URL:
Vendor Status: informed
CVE-ID: -
======================
Vulnerability Description:
======================
The ‘key’ parameter in openEngine 2.0 is prone to a Blind SQL Injection