Select Page

Pre-Auth MySQL remote DOS (Integer Overflow)

MySQL server is affected by a remote DoS attack, which could be exploited by a remote unauthenticated attacker to cause a loss of availability on the targeted service. The issue has been verified to affect 5.6.X branch up to 5.6.35 and 5.7.X branch up to 5.7.17. It is...

Tunna v1.1a SOCKS!

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. Due to popular demand, in this new version, Tunna (v1.1a) can be set up to be a local SOCKS proxy, that will accept any TCP traffic and send over to the webserver using HTTP requests....

From CVS import to cmd.exe – via SQL injection

This blog post explains the process that we followed in a recent penetration test to gain command execution from a CVS import feature. One of the most challenging issues was that we had to escape commas during the SQL injection attack, as it would break the CVS...

HSFPP – HTTP session fixation parameter pollution

Session fixation is an issue whereby an attacker is able to set a session token for a victim, and therefore being able to hijack the victim’s session. HTTP pollution of a fixated cookie could potentially have devastating consequences. A general recommendation...

Stacked based MSSQL blind injection bypass methodology

If you have a blind SQL injection you are already in a good position. Exploitation however, depending on the type of the blind SQL injection, can take time. This post is part of a methodology used for obtaining output from a stacked based blind SQL injection....

Inter-Protocol Communication – Exploitation

What is it? Inter-Protocol Communication is the ability of two different protocols to exchange meaningful commands and data. These two protocols can be called the target protocol and the carrier protocol. The target protocol is the protocol on the receiving end with...