CubeCart 4 session management bypass leads to administrator access

Release Date: 2009/10/29 Author: Bogdan Calin (bogdan [at] acunetix [dot] com) Severity: Critical Vendor Status: Vendor has released an updated version
I. Background
From Wikipedia: CubeCart is a free-to-use eCommerce […]

Acunetix WVS Version 6.5 build 20091027 released

An updated build for Acunetix WVS Version 6.5 has been released. It includes a number of bug fixes.
Bug fixes:
– Fixed: Redirect on LoginSequenceStep was not followed correctly
– Fix in URL Rewrite module to remove GetVars before matching rules
How to upgrade: On starting up Acunetix WVS, a pop-up window will automatically notify you […]

Acunetix WVS Version 6.5 build 20091012 released

An updated build for Acunetix WVS Version 6.5 has been released with some bug fixes.
Bug fixes:
– Fixed: Memory leak when invoking state change handler
– Fixed: Item index for an item which has just been inserted fails in the Browserframe
– Fixed: Error in indexing the GET variables when redirecting in Session management
How to upgrade: […]

Statistics from 10,000 leaked Hotmail passwords

An anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to web site PasteBin. PasteBin is currently down for maintenance but I managed to get a copy of the list and quickly generated some statistics from these passwords. First, my impression is that these passwords have been gathered using phishing kits. […]
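The kind of quick statistics the post describes (most common passwords, length distribution, character classes) can be produced from a raw dump with a few lines of Python. The following is an added example written for this page, not the author's own script, and it runs over a small constructed "account:password" list rather than the leaked Hotmail data; the dump format, the field separator and the character-class buckets are assumptions for illustration.

```python
"""Quick statistics over a leaked password list (constructed sample data)."""
from collections import Counter

# Constructed sample dump in an assumed "account:password" format.
# These are made-up entries, not data from the Hotmail leak.
SAMPLE_DUMP = """\
user1@example.com:123456
user2@example.com:password
user3@example.com:123456
user4@example.com:Summer2009
user5@example.com:qwerty
user6@example.com:123456
user7@example.com:P@ssw0rd!
user8@example.com:password
user9@example.com:abc123
user10@example.com:
"""


def parse_dump(text):
    """Return the password column of an 'account:password' dump.

    Splits on the first ':' only (passwords may contain ':') and drops
    lines with no separator or an empty password, both common in dumps
    assembled from phishing kits.
    """
    passwords = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        _, pw = line.split(":", 1)
        if pw:
            passwords.append(pw)
    return passwords


def char_class(pw):
    """Bucket a password by the character classes it uses."""
    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_digit and not has_alpha and not has_other:
        return "digits-only"
    if has_alpha and not has_digit and not has_other:
        return "letters-only"
    if has_alpha and has_digit and not has_other:
        return "alphanumeric"
    return "with-symbols"


def summarize(passwords, top_n=3):
    """Compute the headline statistics for a list of passwords."""
    counts = Counter(passwords)
    lengths = Counter(len(p) for p in passwords)
    classes = Counter(char_class(p) for p in passwords)
    total = len(passwords)
    return {
        "total": total,
        "unique": len(counts),
        "top": counts.most_common(top_n),
        "lengths": dict(sorted(lengths.items())),
        "classes": dict(classes),
        "avg_length": round(sum(lengths_k * n for lengths_k, n in lengths.items()) / total, 2)
        if total else 0.0,
    }


if __name__ == "__main__":
    stats = summarize(parse_dump(SAMPLE_DUMP))
    print(f"{stats['total']} passwords, {stats['unique']} unique, "
          f"average length {stats['avg_length']}")
    print("most common:", stats["top"])
    print("by length:", stats["lengths"])
    print("by character class:", stats["classes"])
```

The same functions work unchanged on a real dump read from a file; only `SAMPLE_DUMP` is specific to this example. Reuse of a handful of passwords across many accounts (here "123456" three times out of nine) is exactly the pattern such statistics make visible, and the reason password-reuse is the first thing to look for when a credential list surfaces.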

Acunetix WVS Version 6.5 build 20091005 released

An updated build for Acunetix WVS Version 6.5 has been released with some improvements, bug fixes and new security checks.
New:
– Added a new check for SVN repositories
Improvements:
– Improved MultiRequest parameter manipulation; now using the form matcher to match parameter values
– Improved SQL injection tests
– Improved Application error tests
Bug fixes:
– Fixed: […]

VIDEO: Exploring the capabilities of Acunetix WVS Login Sequence Recorder; automating dynamic web applications crawling

The Acunetix WVS Login Sequence Recorder can be used for many tasks other than scanning password-protected areas. Used appropriately, it will help you automate most of the crawling process. The Login Sequence Recorder can be used to:
– Configure the crawler to crawl a pre-defined path […]

Acunetix WVS Version 6.5 build 20090917 released

An updated build for Acunetix WVS Version 6.5 has been released with some improvements and bug fixes.
New:
– Added two new blind SQL injection tests
– Added a new scanning profile for stored XSS only
– Added an HTTP verb tampering check using the POST method
Improvements:
– Improved appearance of the compliance report by adding visual markers and several other presentation […]

How to secure web servers and database servers

Web servers are among the most targeted public faces of an organization. Securing the web server is as important as securing the website or web application it hosts and the network around it. Although securing a web server can be a daunting task that calls for specialist expertise, it is far from impossible. […]