Cross Site Scripting using Server Headers

This article is about a Cross Site Scripting vulnerability I found by playing around with my server. But let’s first start with the story behind it. I was messing around with my nginx config in order to mask my server header and do some other relevant stuff such as setting X-XSS-Protection and all the other headers preventing people from testing for vulnerabilities properly. It is pretty easy if you do it like this: more_set_headers 'Server: Somethingcrazy'; Well, then I wanted to check the header using an online service since I was too lazy to use […]

Read more »
Playstation.com Security issues

Today I am going to report on playstation.com security issues. After reporting an SQL Injection last year and them ignoring my report fully and then removing the whole support section (awesome fix by the way), I looked over the website again. What I found was really, let's just say, dangerous.

Does the IT section of Playstation actually read the newspaper?

https://assets.software.eu.playstation.com/
POODLE -> SSLv3 Vulnerability
DROWN -> Cross Protocol SSL Vulnerability
CN = *.software.eu.playstation.com
OU = COMODO SSL Wildcard
OU = Hosted by Lumison Ltd
OU = Domain Control Validated

You would think that would be everything. […]

Read more »
Kayako Fusion 4.71.1 Server Side Request Forgery

Today I want to talk to you about Kayako Fusion 4.71.1. Kayako is a CMS which is widely used by hosting providers, as I noticed, and I actually can't see why. It is just a ticket system and it's not even secure. At this point, let’s just start with what we found and why it is so dangerous.

Let’s first see the admin panel and what it tells me:

Uhhhh…. Yeah… I always get 42 errors when logging in to my admin panel. Ok, not really. Just with Kayako. But well, this isn't as bad as it may look. […]

Read more »

vBulletin 5.1.4 – 5.1.9 Object Injection

Today let’s talk about the exploit we found further. It is a vBulletin Object Insertion as you can see in the title. Thanks to some anonymous guy it was published for about 5 hours, which means we can write about it now.

Where was the vulnerability and what caused it?

The vulnerability was located in /core/vb/api/hook.php and was caused by unserializing user input. What I said yesterday was: This vulnerability should have never existed. Why do I say such a thing?

Easy! Because of this:

The object injection found one and a half years ago.

[…]

Read more »

vBulletin.com hacked by Coldzer0

vBulletin.com has been compromised by a hacker called coldzer0. The hacker claimed to have access to the server on which vBulletin.com runs and also posted some screenshots showing the inner structure of the server. The question right now is: Why do we write an article about that? Well, it’s easy. vBulletin – one of the most used forum CMS – has been compromised and the issue is pretty obvious. From the info we gathered browsing the net and checking out articles, blog posts and very strange tweets, we figured out there should be some kind of […]

Read more »

SQL Servers and Setups

Why and how SQL Servers including Scripts should be secured.

Today we want to talk about SQL Servers, Scripts and the almighty question: What could possibly go wrong? Let me answer this real quick:

Everything!

Let’s start. SQL Servers… The ones I will be talking about are MySQL (including MariaDB and all variations) and PostgreSQL. First of all let’s talk about the initial setup. Do you need anonymous users on your SQL Server? I know no real life scenario where this is actually needed, so there shouldn’t be anonymous users. Simple, huh? Actually there are a lot of […]

Read more »

Why CSRF Tokens for logout links are important

We from Websec GesmbH experience it every day. You may have experienced it / heard it too: Why should I use a CSRF token for a logout link? As if I would care if my customers are logged out remotely… Well… The answer to this question is really easy. But let us give you a real life example. You are an admin of a simple forum. The forum is really big and is hosted on the same server as your shop, or the forum is your shop. Your customers log in there frequently and discuss whatever […]

Read more »

Massive Attack on CISCO Routers

Multiple researchers from the security field have uncovered attacks spanning three continents on routers responsible for directing traffic around the Internet. Researchers warn that with these attacks, the hackers are potentially able to monitor vast amounts of data, all while being undetected in the process.

In the attacks, researchers have identified highly sophisticated malicious software, code-named SYNful Knock, which effectively targeted routers owned by CISCO, the world’s top supplier. Routers have become an increasingly lucrative target for hackers in recent months. Their characteristic traits of operating outside perimeter firewalls, anti-virus, and any sort of behavioral detection system make […]

Read more »