Websec Cybersecurity Blog

Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.

A series of SQL Injection challenges
Blog July 7, 2012

I want to introduce three SQL Injection challenges which were created for a CTF, but have yet to be solved... Could you be the first?

Using Burp to exploit a Blind SQL Injection
Blog June 11, 2012

How to use Burp Suite to automate the process of extracting information from a SQL database through a Blind SQL Injection.

Cookie Stealing By Router Pharming (2Wire)
Blog May 30, 2012

A multi-stage exploit that chains cross-site scripting, an information-disclosure magic URL, and a default-WEP password reset on 2Wire routers to poison DNS and harvest cookies from nearly any domain the victim visits.

Remote credential and configuration disclosure of Huawei HG5XX devices using Nmap.
Blog May 27, 2012

A new NSE script called "http-huawei-hg5xx-vuln" has been added to Nmap which exploits a couple of vulnerabilities found in Huawei HG5XX modems.

Detecting and exploiting vulnerable PHP-CGI applications
Blog May 24, 2012

A critical vulnerability affecting PHP applications that use the CGI interpreter was published; it allows attackers to view the source code and execute code remotely.

Bypassing Web Application Firewalls with SQLMap Tamper Scripts
Blog August 29, 2011

An introduction to SQLMap's new tamper scripts and how they can be used to bypass Web Application Firewalls and Intrusion Detection Systems.