Category Archive for "EDB News"

WordPress TimThumb Exploitation

muts

One of the biggest blogging platforms, which can easily be extended with vulnerable addons, to support a variety of functions – From CMS’s to pretty much anything. Within some web applications, themes may contain variables that refer to dynamic elements, while in others like WordPress – Insecure PHP files used for caching and resizing images, are surprisingly quite common.

Read More

Owned and Exposed

muts

There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. Initially, the inj3ct0r team took “creds” for the hack, which quickly proved false as the…

Read More

Google Hacking Database Updates

dookie2000ca

Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provides a great deal of added value to our database of dorks. To make it easier for our…

Read More

Fuzzing vs Reversing – Round #2 (Reversing)

muts

After a few days of fuzzing, I noticed that I covered a large part of the format (at least the part I found interesting) so I then began reverse engineering the format more thoroughly. I started by mapping out the…

Read More

Fuzzing vs Reversing – Round #1 (Fuzzing)

muts

I have recently been doing some fuzzing on the Adobe Flash Player. I started by implementing a simple format fuzzer for Flash based on a homegrown framework that I have been developing for awhile. I implemented and executed tests and progressively…

Read More

vBulletin – A Journey Into 0day Exploitation

muts

The popular vBulletin software is generally a quite secure forum application if you exclude the minimal amount of vulnerable addons. However, when new features are occasionally included, such as Profile Customization, a new vulnerability might be born.

Read More

Google Hacking Database Reborn

muts

The incredible amount of information continuously leaked onto the Internet, and therefore accessible by Google, is of great use to penetration testers around the world.  Johnny Long of Hackers for Charity started the Google Hacking Database (GHDB) to serve as…

Read More

Exploit Database, New Features!

muts

We are constantly improving the Exploit Databse and adding more functionality to it. Our latest upgrade brings some exciting features, such as searching security articles by language, and a new “Free Text Exploit Search” feature.

Read More

Exploit Database – Community Edition

muts

The Exploit Database is happy to announce some exciting EDB community features which have been implemented recently.  From the 1st of Sept, 2010, we will be inviting well established exploit writers and EDB “regulars” to have greater involvement with the…

Read More

DLL Hijacking Vulnerable Applications

dookie2000ca

Due to the overwhelming number of submissions we are receiving for applications that are vulnerable to DLL Hijacking, we will continue to update this post with submissions we receive rather than continuing to create a separate entry for each one.

Read More