Cross Site Scripting using Server Headers

This article is about a Cross Site Scripting vulnerability I found by playing around with my server. But let’s first start with the story behind it. I was messing around with my nginx config in order to mask my server...

Playstation.com Security issues

Today I am going to report on playstation.com security issues. After reporting an SQL Injection last year and them ignoring my report fully and then removing the whole support section (awesome fix by the way), I looked over the website again. What I found was...

Kayako Fusion 4.71.1 Server Side Request Forgery

Today I want to talk to you about Kayako Fusion 4.71.1. Kayako is a CMS which is widely used by hosting providers, as I noticed, and I actually can't see why. It is just a ticket system and it's not even secure. At this point, let’s just start with what we found...

vBulletin.com hacked by Coldzer0

vBulletin.com has been compromised by a hacker called coldzer0. The hacker claimed to have access to the server on which vBulletin.com runs and also posted some screenshots showing the inner structure of the server. The question...

SQL Servers and Setups

Why and how SQL Servers, including scripts, should be secured. Today we want to talk about SQL Servers, scripts and the almighty question: What could possibly go wrong? Let me answer this real quick: Everything! Let’s start. SQL Servers…...

Why CSRF Tokens for logout links are important

We from Websec GesmbH experience it every day. You may have experienced it / heard it too: Why should I use a CSRF token for a logout link? As if I would care if my customers are logged out remotely… Well… The...

Massive Attack on CISCO Routers

Multiple researchers from the security field have uncovered attacks spanning three continents on routers responsible for directing traffic around the Internet. Researchers warn that with these attacks, the hackers are able to potentially monitor vast amounts of data...