The BodgeIt Store - another vulnerable web app
Hi folks, I've recently open sourced a vulnerable web app, called The BodgeIt Store: http://code.google.com/p/bodgeit/ Why? Well, you can never have too many vulnerable apps to test against, but also because I've found that many of the existing apps are non-trivial to install - they either have a...
HTB22922: XSS vulnerabilities in phpAlbum.net
Vulnerability ID: HTB22922 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
HTB22929: Multiple Path disclosure in WebsiteBaker
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011 Vulnerability Type: Path disclosure Risk level...
WebsiteBaker 2.8.1 Path Disclosure / SQL Injection
Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011...
Sqlmap v.0.9 - automatic SQL injection and database takeover tool !
Sqlmap v.0.9 - automatic SQL injection and database takeover tool ! sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for...
PenTBox 1.4 – Penetration Testing Security Suite Download
PenTBox 1.4 – Penetration Testing Security Suite Download PenTBox, a security framework written in Ruby and multiplatform, actually working even on iOS and Android! Tools & Features Updated Technical features - GNU/GPLv3 License. Free in freedom and in price. - Multi-platform Ruby: GNU/Linux,...
The Social-Engineer Toolkit v1.3.2 , New version Download !
The Social-Engineer Toolkit v1.3.2 , New version Download ! The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the...
[SECURITY] Fedora 15 Update: rubygem-actionmailer-3.0.5-1.fc15
Makes it trivial to test and deliver emails sent from a single service layer...
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-1.fc15
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 15 Update: rubygem-activemodel-3.0.5-1.fc15
Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...
Eleanor CMS rc5 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB22912 Reference: http://www.htbridge.ch/advisory/multiplesqlinjectionsineleanorcms.html Product: Eleanor CMS Vendor: Eleanor CMS http://eleanor-cms.ru/ Vulnerable Version: rc5 Vendor Notification: 22 March 2011 Vulnerability Type: SQL Injecti...
Feng Office 1.7.3.3 CSRF Vulnerability
Exploit for php platform in category web applications Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit:...
Hacker group defies U.S. law, defends exposing McAfee vulnerabilities !
The hacker group that exposed holes in McAfee's website knows it's breaking U.S. law, but vows to continue exposing vulnerabilities, especially on security vendor websites...
HTB22931: XSS vulnerability in InTerra Blog Machine
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...
Fedora 13 : wordpress-3.1-1.fc13 (2011-3738)
In order to protect against two CVEs, I'm upgrading Wordpress in all releases to 3.1. In addition, this will obsolete wordpress-mu, since this functionality has been migrated to the main wordpress release as of wordpress 3.0, and wordpress-mu has been deprecated upstream. I would not normally mak...
mvmmall shop Mall system, the latest injection vulnerability and fix(search.php)-vulnerability warning-the black bar safety net
mvmmall shop Mall system, the latest injection 0day issues out in the search search.php this file. The code is as follows: ? php requireonce ‘include/common.inc.php’; requireonce ROOTPATH.’header.php’; if$action!=’ search’ $searchkey = ”; if isset$pssearch //Omitted a bunch of stuff $tagids =...
CAT – Web Application Security Test & Assessment Tool
CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much mor...
The Open Pentest Bookmark Collection v1.4
We are pleased to announce the release of version 1.4 (yes, 1.3 squeaked by without a blog post) of the Open Pentest Bookmarks Collection. They have added a large amount of community submissions, with the addition of several new sections. They have also moved around some of the bookmarks to better...
SyndeoCMS 2.8.02 XSS / Path Disclosure / SQL Injection
Vulnerability ID: HTB22899 Reference: http://www.htbridge.ch/advisory/pathdisclosureinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type:...
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2) Vulnerability ID: HTB22901 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerabili...