Exploits Database by Offensive Security » EDB News

WordPress TimThumb Exploitation

MaXe — Fri, 12 Aug 2011 05:00:01 +0000

One of the biggest blogging platforms, which can easily be extended with vulnerable addons, to support a variety of functions - From CMS's to pretty much anything. Within some web applications, themes may contain variables that refer to dynamic elements, while in others like WordPress - Insecure PHP files used for caching and resizing images, are surprisingly quite common.

Owned and Exposed

admin — Sat, 25 Dec 2010 19:32:17 +0000

There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. Initially, the inj3ct0r team took “creds” for the hack, which quickly proved false as the original ezine showed up – and now inj3ct0r (their new site) is no longer online. [...]

Google Hacking Database Updates

dookie2000ca — Mon, 20 Dec 2010 04:00:34 +0000

Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provides a great deal of added value to our database of dorks. To make it easier for our visitors to identify changes in the database, there is a ‘New’ graphic that will appear [...]

Fuzzing vs Reversing – Round #2 (Reversing)

zelik — Mon, 22 Nov 2010 18:01:45 +0000

After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly. I started by mapping out the tag-types and reviewing functions that parse them. After I spent a few hours just poking [...]

Fuzzing vs Reversing – Round #1 (Fuzzing)

zelik — Mon, 22 Nov 2010 17:19:15 +0000

I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for awhile. I implemented and executed tests and progressively covered more and more of the format. After a few days, I noticed one of [...]

vBulletin – A Journey Into 0day Exploitation

MaXe — Tue, 16 Nov 2010 00:17:35 +0000

The popular vBulletin software is generally a quite secure forum application if you exclude the minimal amount of vulnerable addons. However, when new features are occasionally included, such as Profile Customization, a new vulnerability might be born. In the actual customization feature it is possible to supply color codes such as: #000000, RGB codes like rgb(255, [...]

Google Hacking Database Reborn

admin — Tue, 09 Nov 2010 01:06:23 +0000

The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world. Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as a repository for search terms, called Google-Dorks, that expose sensitive information, vulnerabilities, passwords, and much [...]

Exploit Database, New Features!

admin — Thu, 04 Nov 2010 19:32:18 +0000

We are constantly improving the Exploit Databse and adding more functionality to it. Our latest upgrade brings some exciting features, such as searching security articles by language, and a new “Free Text Exploit Search” feature. The free text feature brings with it new possibilities and fine grain searches for exploits. Another cool feature is a [...]

Exploit Database – Community Edition

admin — Thu, 26 Aug 2010 10:28:47 +0000

The Exploit Database is happy to announce some exciting EDB community features which have been implemented recently. From the 1st of Sept, 2010, we will be inviting well established exploit writers and EDB “regulars” to have greater involvement with the database. We will be enabling comments on exploits, as well as a new “Exploit Voting [...]

DLL Hijacking Vulnerable Applications

dookie2000ca — Wed, 25 Aug 2010 21:13:33 +0000

Due to the overwhelming number of submissions we are receiving for applications that are vulnerable to DLL Hijacking, we will continue to update this post with submissions we receive rather than continuing to create a separate entry for each one. ArchiCad 13.00 (srcsrv.dll) – SeyFellaH Nokia Suite contentcopier (wintab32.dll) – nuclear Nokia Suite communicationcentre (wintab32.dll) [...]