Tag Archives for "Website security"

A cheat-sheet for password crackers

A cheat-sheet for password crackers that may come in handy sometime, by m3g9tr0n.


3 Important security measurements for Windows Server & IIS

Windows Server security: When you have just installed your new Windows Server, with or without IIS as web server, it is important to take a few extra security measures. Securing your (web) server is important to keep hackers out and your data safe. Here are some steps you can take to secure and harden your Windows Server (IIS) web or file server.


Check WordPress Core files integrity

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this […]


prettyPhoto DOM based XSS


A nasty DOM-based XSS persists in prettyPhoto, a jQuery lightbox clone for images, videos, YouTube, iframes and ajax. Versions 3.1.4 and 3.1.5 are still affected by this cross-site scripting vulnerability.


Ubuntu forums hacked; 1.82M logins and email addresses stolen

ZDNet writes: Canonical, the company behind the Ubuntu operating system, has suffered a massive data breach on its forums. All usernames, passwords, and email addresses were stolen. Ubuntu Forums suffered a massive data breach, the company behind the Linux open-source based operating system said on Saturday.


“New first stop for hacked site recovery”, Google help for hacked sites

Google just released their new help website for webmasters whose site was hacked. In this first step towards recovery, webmasters can find information about the steps and procedures they need to take in order to get their site cleaned.


Unauthorized Access: Bypassing PHP strcmp()

The following was posted to the Web Security Mailing List: Unauthorized Access: Bypassing PHP strcmp(). A way to bypass PHP’s strcmp() binary-safe string comparison function.


“Joomla sites misused to deploy malware” – Update

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in […]


WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

Charlie Eriksen has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “wp_load” parameter in wp-content/plugins/crayon-syntax-hightlighter/util/ajax.php and wp-content/plugins/crayon-syntax-hightlighter/util/preview.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from external FTP resources.
