In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner. This vulnerability is affecting a POST parameter in the Mambo…
Fighting Web flaws is futile
Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off,…
The top Web vulnerability we face
I recently took some time off which gave me the opportunity to clear my head and think about some of the big issues we’re facing with Internet security. I thought if I had to pick one thing, what would be the greatest Web vulnerability out…
Statistics from the top 1,000,000 websites – part II
This is the second part of an older article we posted, where we present some statistics from the top 1,000,000 sites on the internet. We are using the Alexa database as source for our statistics. In the first part of this article, we presented the…
Top 10 Reasons Not to Invest in Website Security
For some light humor! 1) You really enjoy waking up in the morning with your coffee, hitting your homepage, and finding a new page marketing ‘special offers’ for ‘enhancement’ products… You spill your coffee, burn…ouch. 2) You just love getting a hosting bill showing your…
Authenticated XSS – problem or not?
Obviously, cross-site scripting (XSS) is a big problem on the public Web. But there’s another angle to XSS that no one seems to be talking about – at least I’m not seeing anything on it. It’s the issue of XSS on Web pages that are…
e107 CMS system website compromised
As part of my job here at Acunetix, from time to time I analyze source code looking for security problems. Using this information I adjust Acunetix WVS to detect these problems automatically (when it’s possible). Monday, I downloaded e107 from e107.org and started analyzing the…
2009 Security News Update – PCI Council, Aweber, Adobe – Hacks and Cracks
Back for the last entry of 2009, here are the latest updates in the security world: Aweber announces its own incursion into its site, unnumbered amount of email addresses pilfered. AWeber was recently the victim of an intentional attack to mine email addresses. We’d like…
A Malicious Website Hacker Attacks – CitiGroup Denies Knowledge
While I try and not to be so graphic with my comments, I can’t help but feel CSI-esque lately with all of these website hacker attacks. So here we go again. This time, its CITI. Just reported today by marketwatch.com, Citigroups stock sank significantly based…