We are glad to announce that Garage4hackers is now a community partner for Hack In The Box Security Conference
HITBSecConf2017 - Amsterdam
Early Bird Registration Closes 31st December. Register now and save!
WHEN & WHERE?
The Netherlands taking place on April 10th – 14th at the NH Grand Krasnapolsky in Amsterdam.
WHAT's IN IT FOR ME?
Recently, I stumbled on a very simple bug in Foxit Reader for Mac and Linux (from here on, just Foxit Reader). The vulnerability was caused by improper file permissions granted on core Foxit Reader's files on Linux and Mac systems. An attacker with low-privilege access could've exploited this vulnerability to elevate their privileges, execute commands as a higher privileged user, or both.
The versions affected were:
Foxit Reader for Mac 2.1.0.0804
Hey all,
A few months back I found a command injection bug in Google Cloud shell.
Since the title goes by the name "command injection", you all might be thinking of it as a "normal command injection which affects servers", but this vulnerability is quite different.
We can put this in a different way as "Client Side command injection".
Let's get into the finding.
While I was testing "console.cloud.google.com"
Updated 03-16-2016 at 03:08 PM by 41.w4r10r
I have some work to do. I have some salted hashed files from the dump MySQL database. I need to crack the password from the salted hashed files. I have used hashcat, findmyhash and many more other things to crack but was unsuccessful. So I need your help. If anyone can help me, I will really appreciate this. I only have one day left. Here is the salted :
Originally Posted by [s]
During my regular job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server, thus making it easier for an attacker to leverage the vulnerability remotely.
Oracle released Critical Patch Update containing security fixes for the Oracle E-Business Suite. This vulnerability is remotely
Hello guys, after several days of being busy at work, I come back with a new subject which you can see on top of this text. Before I start, I've to say my iOS is updated and the version is 8.3. Keep reading to know more.
I don't want to make it hard to understand, so I'll explain it basic and fast. All you need to do is to turn on WiFi or mobile internet data and lock the screen; as you can see, the iPhone just lets you call emergency numbers [example: 911]. Now you hold the "Home" button and
Hello world! [Including People, Robots, Zombies Dariush & Arash, Alien dudes if they exist, and my friends]. By the way, I decided to write about a Gmail bug. It's not a vulnerability of Gmail but it's some kind of bug that lets us know, if we hack a Gmail, whether we can log in to it or not without alerting the Gmail owner. I'm talking about 2-Step verification. Imagine grabbing a Gmail password and not being sure whether to log in or not; the victim might use the Gmail SMS auth service and when you click login, Google sends the victim
When security researchers and hackers want to set up their own blog, the biggest stress on their head is what to do to secure their server(s) and site(s). What if someone comes and messes with their server(s)? What if the server gets a DOS/DDOS attack when they don't have access to fix up their server(s) and they are travelling or away for business or something and they can't access their server(s) for some reason? After some years that I spent my life on information security I realise that nothing can't be secure
Updated 05-29-2015 at 09:59 PM by G3n3Rall
Originally Posted by plage
Hello all, It recently came to my attention a command injection exploitation tool, which has the name commix ( 1 ) and by using it, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.
Commix seems to be a great command injection tool which successfully exploits many vulnerable applications such as DVWA, bWAPP, ShelLOL, Persistence, Kioptrix(2014), w3af-moth etc.
I found references on that tool in many sites,
Today being another day at work for SecureLayer7 to recover our client's defaced website, and bang I think I hit upon a nasty vulnerability of a famous plugin.
Although we successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled upon its usage over the internet and as it turns out a large number of web users online are affected, putting them at greater risk if not mitigated with a proper patch or an update.