Web vulnerabilities to gain access to the system

24 Nov
|=--------=[ Web vulnerabilities to gain access to the system ]=---------=|
|=-----------------------------------------------------------------------=|
|=----=[ pepelux[at]enye-sec[dot]org - <http://www.enye-sec.org> ]=------=|
|=-----------------------------------------------------------------------=|
|=----=[ spanish translation available in http://www.enye-sec.org ]=-----=|
|=-----------------------------------------------------------------------=|
|=---------------------------=[ Oct 12th 2008 ]-=------------------------=|


Reverse Shell Cheat Sheet

8 Nov

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell.

If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a reverse shell or binding a shell to a TCP port. This page deals with the former.

Security breach on kernel.org

1 Sep

    Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.

Uniscan 4.0 vulnerability scanner Released

23 Aug

The Uniscan vulnerability scanner is an information security tool for finding vulnerabilities in Web systems. It is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 (GPL 3).

Top 10 Web Application Penetration Testing Tools (actually 11)

30 Jul

Well, this is not quite a default top ten list (based on which one is the smarter/faster/better) but just a simple list of applications you can use in a pentest. Free and open source apps come first.

WAF Bypass: SQL injection (Forbidden or not?)

18 Jul

WAF BYPASS SQL INJECTION
This is such a wide topic, but today we're going to examine WAF bypass and SQL injection.

What is a WAF? A WAF is a Web Application Firewall, used to filter certain malicious requests and/or keywords.

Is a WAF a safe way to protect my website? Well, that's a tough question. A WAF alone will not protect your website if your code is vulnerable, but a WAF and secure coding will. A WAF should be used as a tool in your tool shed, but you should never count on a WAF to keep attackers out, because most, if not all, WAFs can be bypassed with time and brains. Today, we will take a look into how exactly to do this.

HTSHELLS – Self contained web shells and other attacks via .htaccess files.

20 Jun

Attacks are named in the following fashion: module.attack.htaccess.
Pick the one you need and copy it to a new file named .htaccess. Check the file to see if it needs editing before you upload it.
The web shells execute commands from the query parameter c, unless the file states otherwise.

SQLi using extractvalue()

14 Jun

Introduction.

In this tutorial I will be teaching you SQL injection using the XML function extractvalue() to extract data from MySQL versions 5.1 and above. This tutorial assumes that you have an understanding of the structure of MySQL and the basic functions and operators needed for SQL injection, so I won't be covering them.

Understanding .htaccess attacks – Part 1

10 Jun

Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites (think blackhat SEO), and for many other purposes (hiding backdoors, injecting content, modifying php.ini values, etc.).

How to find a backdoor in a hacked WordPress

9 Jun

Originally posted here: http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

Over here, Jorge Escobar is writing about how he got hacked with the latest version of WordPress. After some minor back and forth on FriendFeed, I got him to do a search which found a malicious backdoor he might not otherwise have found.