Articles by ‘EDB News’

WordPress TimThumb Exploitation

12th August 2011

WordPress is one of the world’s biggest blogging platforms and can be easily extended with vulnerable add-ons to support a variety of functions – from CMSs to stores and pretty much anything in between. Within some web applications, themes may contain variables that refer to dynamic elements while in others, like WordPress, insecure PHP files used for caching and resizing images are surprisingly quite common.

(more…)

Owned and Exposed

25th December 2010

There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. Initially, the inj3ct0r team took “creds” for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. As a wise Chinese man once said: “do not anger one who has shell on your server”. The zine also mentioned other sites, as well as the ettercap project being backdoored.

We are currently cleaning out our systems and analyzing the attacks – thankfully, the compromise was limited to non-root access, and other than our egos, the damage is not severe. To the “owned and exposed” guys, we have a couple of things to say:

1) Thanks for not rm’ing us.

2) The irony of posting your zine in our “papers” section is not lost on us.

Merry Christmas to you all, and a happy new year!

Google Hacking Database Updates

20th December 2010

Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provide a great deal of added value to our database of dorks. To make it easier for our visitors to identify changes in the database, there is a ‘New’ graphic that will appear next to a category name where new entries have been added.
(more…)

Fuzzing vs Reversing – Round #2 (Reversing)

22nd November 2010

After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly. I started by mapping out the tag-types and reviewing functions that parse them.
(more…)

Fuzzing vs Reversing – Round #1 (Fuzzing)

22nd November 2010

I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for a while. I implemented and executed tests and progressively covered more and more of the format. After a few days, I noticed one of the SWF files causing strange crashes: the “Just in time” debugger gets triggered but the process is terminated.

(more…)

vBulletin – A Journey Into 0day Exploitation

16th November 2010

The popular vBulletin software is generally a quite secure forum application if you exclude the minimal amount of vulnerable addons. However, when new features are occasionally included, such as Profile Customization, a new vulnerability might be born.

(more…)

Google Hacking Database Reborn

9th November 2010

The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world.  Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as a repository for search terms, called Google-Dorks, that expose sensitive information, vulnerabilities, passwords, and much more.

(more…)

Exploit Database, New Features!

4th November 2010

We are constantly improving the Exploit Database and adding more functionality to it. Our latest upgrade brings some exciting features, such as searching security articles by language, and a new “Free Text Exploit Search” feature. (more…)

Exploit Database – Community Edition

26th August 2010

The Exploit Database is happy to announce some exciting EDB community features which have been implemented recently.  From the 1st of Sept, 2010, we will be inviting well established exploit writers and EDB “regulars” to have greater involvement with the database.

We will be enabling comments on exploits, as well as a new “Exploit Voting System”, where members will be able to rate exploits for their reliability and functionality.

We believe this involvement will improve the overall user experience, and will definitely add interesting input to our database. On the 1st of October, we will open membership to the general public – stay tuned for more updates.

DLL Hijacking Vulnerable Applications

25th August 2010

Due to the overwhelming number of submissions we are receiving for applications that are vulnerable to DLL Hijacking, we will continue to update this post with submissions we receive rather than continuing to create a separate entry for each one.

(more…)