HackDig : Dig high-quality web security articles for hacker

How to Stop a Botnet Created by Angler Exploit Kits

We all are aware of what a botnet is, and most of us know the damage that it can cause when some bad actor takes over many of our corporate endpoints. But what we might not know is how easy it is to create botnets. With recent research, however, we can see exactly how this is done and hopefully get some insights into how to block and stop them from operating
Publish At:2015-09-02 22:35 | Read:2558 | Comments:0 | Tags:Malware Angler Botnet Domain Name Server (DNS) exploit kit H

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the
Publish At:2014-08-13 01:56 | Read:4927 | Comments:0 | Tags:Internal admin advisory arbitrary auth code fix html inserti

BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability

BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the ‘message’ POST parameter through the ‘Notification Center’ extension/module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of a
Publish At:2014-08-13 01:56 | Read:4283 | Comments:0 | Tags:Internal advisory boxbilling cross-site html injection javas

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious w
Publish At:2014-08-13 01:55 | Read:3837 | Comments:0 | Tags:Internal advisory application crm csrf exploit flaw html inj

[Translation] HTML Imports: include for the web, part 2

Translation of the article "HTML Imports #include for the web" by Eric Bidelman. Link to the first part of the translation. Delivering web components: HTML Imports make it easy to load and reuse code. In particular, they are a good way to distribute web components. This applies both to simple HTML <template> elements and to full-fledged custom elements with shadow
Publish At:2014-08-10 22:20 | Read:4500 | Comments:0 | Tags:HTML Web development html import html5 w3c web development
