Why upgrade PHP to 5.2.8? Part 2

To read part 1 of this article please refer to the previous post. Note: a large number of vulnerabilities described in this post can be exploited to bypass safe_mode. It is not recommended to rely on this PHP functionality for the security of your web servers. Only use safe_mode as a supplement to PHP code […]


Why upgrade PHP to 5.2.8? Part 1

Note: PHP 5.2.7 is the actual version that fixes the security holes below. PHP 5.2.8 fixes an issue introduced in 5.2.7. Details from the PHP news site. A new version of the popular scripting language PHP includes a couple of security fixes (taken from the Changelog): Upgraded PCRE to version 7.8 (fixes CVE-2008-2371); Fixed missing […]


How XSS can lead to a Windows Domain compromise

Internal web applications are often excluded from the scrutiny that external ones are subjected to. It is often assumed that attackers are on the external side of the network and therefore do not have access to any internal resources. In turn, this usually leads to web applications being vulnerable to common security flaws such […]


Acunetix WVS Scripting reference available

With Acunetix WVS version 6, Acunetix introduced a Port Scanner and Network Alerts. When scanning a website, a port scan against the web server can optionally be launched, and once open ports are found, specific network security tests are launched against the network service running on each port. A full range of tests is available, […]


SQL Injection in Mambo found with Acunetix AcuSensor Technology

This post shows how Acunetix AcuSensor Technology improves scanning reliability by using sensors placed inside the web application being scanned. It also proves that with this technology, one can detect SQL injections in INSERT statements. Such vulnerabilities cannot be found using a typical web application black box scanner. While testing AcuSensor Technology on various […]


Facebook worm on the loose

A worm abusing Facebook's messaging system is making the rounds between friends. It consists of an executable worm known as Koobface that runs on the victim’s computer and searches it for Facebook cookies. It will then use these cookies to hijack an authenticated session and send a message to all of the […]
