“How we broke PHP, hacked Pornhub and earned $20,000”

This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug to exploit and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone In stead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.

Continue reading ““How we broke PHP, hacked Pornhub and earned $20,000””

.NET Framework 4.6 allows side loading of Windows API Set DLL

Securify reports: A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker’s share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.

Continue reading “.NET Framework 4.6 allows side loading of Windows API Set DLL”

“Simple Hack Threatens Outdated Joomla Sites”

Update your Joomla site… yet again. If you run a site powered by the Joomla content management system and haven’t yet applied a critical update for this software released less than two weeks ago, please take a moment to do so: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors., Says Brian Krebs

Continue reading ““Simple Hack Threatens Outdated Joomla Sites””