The recent compromise of Kaspersky’s support database left the company with a bit of explaining to do. The hacker published a blog post on hackersblog detailing stunts with Kaspersky’s USA support website. Kaspersky also published their own account based on their log files and the hacker’s (nicknamed unu) blog post. The following is a summary of what happened and how such attacks can be prevented.
The hidden dangers of XSLTProcessor – Remote XSL injection
Today I’m going to talk about a new vulnerability which I named Remote XSL Injection. I didn’t find any references on the internet about this vulnerability, which I found while auditing some PHP code for a friend. PHP supports XSL transformations using the XSLTProcessor class….
Embedded devices can be hacked through the web interface
Anyone who has tested even a small number of web configuration interfaces on embedded devices, such as managed routers, VoIP gateways and wireless routers, knows that these devices are notorious for web application vulnerabilities. It is not uncommon for these devices to be vulnerable to…
Image upload forms used to hijack websites
In the past days I came across a stimulating blog post titled “Dissecting a Multistage Web Attack that uses the recent IE7 0day”. The authors described how a vulnerable web application was then able to infect web browsers visiting the infected website. The attackers, who…
How can any web page log you off all other websites?
A recent post on “Full-Disclosure” mailing list referenced a web page called “Session Destroyer”. This web page is a demonstration by Kristian Erik Hermansen that promises to make logging off various popular websites very easy. How does it work? This static html page simply contains…
American Express website vulnerable… again!
A few days ago a Cross-site-scripting vulnerability was discovered and reported on the American Express Site. A XSS vulnerability can allow attackers to steal user authentication cookies from americanexpress.com, thus leading to an account hijack. As web-security consultant Joshua D.Abraham said, web developers addressed only…
Why upgrade PHP to 5.2.8? Part 2
To read part 1 of this article please refer to the previous post. Note: a large number of vulnerabilities described in this post can be exploited to bypass safe_mode. It is not recommended to rely on this PHP functionality for the security of your web…
Why upgrade PHP to 5.2.8? Part 1
Note: PHP 5.2.7 is the actual version that fixes the below security holes. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site. A new version of the popular scripting language, PHP includes a couple of security fixes (taken from the…
URL Rewriting and AcuSensor Technology; automation and advantages
Note: This articles refers to an older version of Acunetix. Click here to download the latest version. Nowadays, a lot of web applications are using URL rewriting. URL rewriting involves converting normal URLs to search engine friendly URLs. Usually the reason for doing this is…