Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Optimized Blind MySQL Injection Data Retrieval
Demonstrates a method to extract data from a MySQL database using blind injection in fewer requests than currently known techniques such as the Bisection and Bit Shift method.
mac2wepkey - Huawei default WEP generator
Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key. The purpose of this post is to explain the process of developing a key generator for these devices.
Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug
A walkthrough of combining a URL obfuscation bug in iframes with an older XSS in the Linksys WRT160N to silently enable remote administration, demonstrating a realistic drive-by attack against SOHO routers that still ship with default credentials.
Do not trust your browser's status bar
Many people rely on the status bar for checking the destination of links, but it has been proven before that it is easy to falsify.
egrepping mod_security logs
Useful commands to extract information from your mod_security logs
egrepping mod_security logs
A handy set of egrep one-liners for pulling the most useful information out of mod_security logs, including top user agents, HTTP status codes, referrers, and the scripts most frequently targeted by attackers.