Today I’m going to talk about a new vulnerability which I named Remote XSL Injection. I didn’t find any references on the internet about this vulnerability, which I found while auditing some PHP code for a friend. PHP supports XSL transformations using the XSLTProcessor class….
Author Archives Bogdan Calin
THE AUTHOR
Bogdan Calin
URL Rewriting and AcuSensor Technology; automation and advantages
Note: This articles refers to an older version of Acunetix. Click here to download the latest version. Nowadays, a lot of web applications are using URL rewriting. URL rewriting involves converting normal URLs to search engine friendly URLs. Usually the reason for doing this is…
AcuSensor Technology in action; finding backdoors in web applications
On March 2, 2007 the following was posted on the WordPress blog: Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your…
SQL Injection in Mambo found with Acunetix AcuSensor Technology
This post shows how with Acunetix AcuSensor Technology improves scanning reliability by using sensors placed inside the web application being scanned. It also proves that with this technology, one can detect SQL injections in INSERT statements. Such vulnerabilities cannot be found using a typical web…
Running AcuSensor Injector on Windows Server 2008
If you try to run AcuSensor Injector on Windows Server 2008 you will receive the error “Error populating websites, Unknown error (0x80005000)”. AcuSensor Injector is using Active Directory Service Interfaces (ADSI) to construct a list of websites and virtual directories. ADSI is not available by…