Showing posts with label Web Security. Show all posts
Showing posts with label Web Security. Show all posts

Monday, 15 February 2016

Stealing Secrets with CSS : Cross Origin CSS Attacks

In this post I'm going to discuss a web attack that was designated CVE-2015-5826 and CVE-2015-1287 which abuses the way CSS parsing works in some browsers and expands the way we think about HTML injection attacks.

Sunday, 30 December 2012

Practical Blind-Error Based SQL Injection

Its me again! So in the previous post I talked about Blind-Error Based injection and basically showed the select query you can use to conditionally force errors while still leaking content from the database. This all happened from within a MySQL prompt, not much use to those who want to see the attack in action. Here I'm going to do just that, show you a practical example of the attack against an actual web application.

I'll be using the mod_security challenge set up by spiderlabs a about year ago. It may still ring all the mod_sec alarms but the purpose is not to threaten mod_sec---not yet---instead to show what the attack would look like in full swing.

Saturday, 29 December 2012

The new Wordpress Vuln and How to find its victims

A sample of the loot from the W3 Total Cache vuln
So an interesting little misconfiguration has reared its ugly head in some WordPress sites.The vulnerability effects all WordPress sites that make use of a plugin called "W3 Total Cache"---you can get it here---. 

In this post I'm going to discuss exactly what the vulnerability is and why its bad news and then I'll quickly discuss how to find some loot and show you some of the awesome loot you can dig out with something like this. Enjoy!