Recently I was in need of a simple “Drupal security scanner” which enumerates all modules of a Drupal project so I can do a source code audit on them.
The only thing I could find for this were some you-have-to-be-a-member sites and a script called WPscan.py. Because the script author’s site was not accessible, I decided to write my own little tool in Ruby which can be easily plugged into another project I’m currently realising.
Some days ago during a pentest I found a critical SQL injection vulnerability which gave me access to the user database. Most of the time finding this kind of vulnerability and extracting some data from the database is enough as a proof of concept, but in this particular pentest I needed to gain access to the backend administration.
Sadly there was no way to insert data into the user table so it was not possible to create an admin account for me. I decided to dump a few entries from the user table and take a look at the encryption. The user table was in the format
Because I’m always interested in trying new things and I recently stumbled upon Octopress, a blogging framework powered by Jekyll, I managed to switch this weekend and import the little heap of my old posts.
Another reason for this move is that I want to write more for my blog than I did until now. And because writing a post with my old blogging software was a bit more time-consuming than it should be, I hope that the easy method of publishing posts that Octopress offers me will increase my motivation to post something.
A lot of people have already written about their move to Octopress from all kinds of blogging systems, so I’m trying not to repeat this. A good article I can recommend was written by Matt Gemmell.
The setup and configuration was really easy. After the initial setup and theme customization (I slightly modified the oct2 theme) I got this blog ready in under half an hour. Importing my old posts was also easily done because my old blogging software, which I wrote myself in Python, was already using the Markdown syntax, so I only had to make a few little changes.
After this fix your GitHub sidebar should work as it should. Because I currently have no interesting GitHub repos to show, I decided to disable it for now. Maybe I will reactivate it later when there is more to show.
Some months ago (16th of Sep.) I found a security issue on an EPLUS service page, which allows you to send as many SMS as you want to their customers (only numbers from the EPLUS group are affected) with a special message.
During my tests I found that the only limit you are faced with in sending SMS is the bandwidth of your connection/their server. The SMS is sent by a service hotline number and cannot be traced back to you. The SMS sending is triggered by a simple GET request to their server.
I recently found a security issue in myBloggie. Injecting malicious code into the SQL statement was quite simple; the only thing you had to do was to bypass the URL-validation regex by submitting a real URL merged with an injection string:
“myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date.”
myBloggie 2.1.6 is - again - prone to a SQL-Injection vulnerability in the trackback function. It is possible to add a malformed URL to a trackback so malicious code can be injected to insert/read out data from the database.
An unsafe regular expression which does not properly check the passed trackback URL can be bypassed to inject malicious data into an INSERT INTO statement. This results in persistent cross-site scripting, or it can be used to read out sensitive data (see ‘Advanced INSERT INTO exploitation by taking advantage of the primary key’ described here).