Acunetix 11 Review by Help Net Security. Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients around the globe use it to analyze the security of their web applications. They recently unveiled Acunetix version 11, so Help Net Security decided to take it for a spin.
Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4. And included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!
Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme
Akal, and a
SQL injection Denial-of-Service in a later to be disclosed plugin. This post describes the Akal premium WordPress theme XSS vulnerability.
Sjoerd Langkemper writes about Cracking PHP rand():
Webapps occasionaly need to create tokens that are hard to guess. For example for session tokens or CSRF tokens, or in forgot password functionality where you get a token mailed to reset your password. These tokens should be cryptographically secure, but are often made by calling
rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with
OpenSSL comes in handy when you need to generate random passwords, for example for system accounts and services. In this short post I’ll give you a quick example on how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP…
Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability
plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis…
This post contains information on vulnerabilities for 7 (at least somewhat) popular WordPress plugins. All of these vulnerabilities were trivial to discover (and are trivial to fix). The state of WordPress plugin security is very sad indeed. None of the developers were contacted in advance of this post (except where otherwise noted). Additional vulnerabilities will be posted as time permits. WordPress Plugin Vulnerability Dump – Part 1
mail() function to perform remote code execution, under rare circumstances.
Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape), to provide protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.
WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Malware Must Die! has done a great, and extensive write-up on the subject of hacked and abused FTP sites (accounts). This topic fits well within my daily routine investigating and closing down hacked websites, for which I have to use various techniques for finding those hacked sites. As you might know, website security is one of the major themes of this site.
How to check the file type in PHP and secure file uploads: it is important to validate MIME types in PHP. Especially of files uploaded through an upload form to your website. Using PHP, the best way to validate MIME types is with the PHP extension Fileinfo. Any other method might not be as good or secure, and unfortunately those other methods are still wildly used…