Friday Squid Blogging: Good Squid Fishing in the Exmouth Gulf
The conditions are ideal for squid fishing in the Exmouth Gulf in West Australia. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
Turn Off Siri on Your Lock Screen for Better iOS Security
Every new version of iOS seems to bring with it a fresh lock screen bypass. Head the next one off by shushing Siri on your lock screen...
OLX: blog.praca.olx.pl database credentials exposure
Hi, I found that the site blog.praca.olx.pl is exposing the content of the wp-config.php file in plaintext due to a misconfiguration in the file-manager plugin. The information can be accessed here: http://blog.praca.olx.pl/wp-content/uploads/file-manager/log.txt The credentials are stored in the...
phpBB 3.2.3: Phar Deserialization to RCE
Impact: phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...
HackerOne: Verbose PHP error messages exposed on a blog article
Hey guys! For what it's worth, warning messages aren't suppressed on the /blog/ endpoint, giving verbose PHP error messages when visiting a blog article such as https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid. F374066 Impact: Not much impact, just disclosures of pat...
careers-blog.chipotle.com XSS vulnerability
Open Bug Bounty ID: OBB-696715. Affected Website: careers-blog.chipotle.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score...
Security Bulletin: IBM DataPower Gateway is affected by a Denial of Service vulnerability (CVE-2018-12115)
Summary: IBM DataPower Gateway has addressed the following vulnerability: CVE-2018-12115. Vulnerability Details: CVEID: CVE-2018-12115. DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an out-of-bounds write in Buffer. An attacker could exploit this vulnerability to write to memor...
OOP CMS BLOG 1.0 SQL Injection
Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on:...
OOP CMS BLOG 1.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...
blog.mozilla.org Improper Access Control vulnerability
Open Bug Bounty ID: OBB-695400. Affected Website: blog.mozilla.org. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: IAC Improper Access Control / CWE-284. CVSSv3 Score:...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link:...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on...
OOP CMS BLOG 1.0 - 'search' SQL Injection
Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on:...
Fantastic Blog CMS 1.0 - id SQL Injection
Fantastic Blog CMS 1.0 - id SQL Injection Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
Fantastic Blog CMS 1.0 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
Fantastic Blog CMS 1.0 - 'id' SQL Injection
Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Ronald%20Ronnie/fantasticblog0.zip...
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
CVE-2018-18735
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33...