Articles by ‘MaXe’

WordPress TimThumb Exploitation

12th August 2011

WordPress is one of the world's biggest blogging platforms and can be easily extended with vulnerable add-ons to support a variety of functions – from CMSes to stores and pretty much anything in between. Within some web applications, themes may contain variables that refer to dynamic elements, while in others, like WordPress, insecure PHP files used for caching and resizing images are surprisingly common.

vbSEO – From XSS to Reverse PHP Shell

31st January 2011

XSS is not a big deal, or is it? On many occasions, I've seen this vulnerability being classified as useless, not serious, and a low threat. What I've always had in mind is that it's only the capabilities of the browser, and the hacker's mind, which set the limit for an XSS attack.

vBulletin – A Journey Into 0day Exploitation

16th November 2010

The popular vBulletin software is generally a quite secure forum application if you exclude the minimal amount of vulnerable addons. However, when new features are occasionally included, such as Profile Customization, a new vulnerability might be born.

Finding 0days in Web Applications

5th November 2010

PHP 0-Days

Most zero-day exploits in web applications are easier to find, study, and attack than those in actual services such as a web server, because the attacker does not need to create shellcode, debug the service over and over, or even know about the memory layout of the target machine. Furthermore, there are no opcodes to worry about, although some other sort of security mechanism is usually in place instead.

Joomla Automated Exploitation

14th October 2010

Joomla Automated Exploitation – Most people know or have heard about Joomla. It's probably the CMS with the most exploits and vulnerable addons ever made, and sometimes I wonder who creates all these.

That, however, isn't important. What matters is that once an addon is installed, there's a high chance it contains unsanitized code, a.k.a. a security hole for us to target, (ab)use and exploit.

vBulletin – Not So Secure Anymore

3rd August 2010

Some time ago, an LFI vulnerability within vBSEO was discovered, which allowed an attacker to include locally hosted files. The challenge, when confronted with an LFI vulnerability, is to leverage it into executing arbitrary code of our choosing.