Month: May 2010

Speedy-Shop 2.0 CMS – Blind SQL injection vulnerability

Here is another vuln I found in recent days in Speedy-Shop 2.0 CMS… the threat was fixed very quickly, nice job!



New Attack Vectors

Lately there has been a real explosion of new attack vectors; in fact, today it is really simple to include an evil payload in a picture, an Office doc or a PDF. This type of weakness afflicts a very large range of targets and can be used to exploit local applications or web servers with minimal or no user interaction.

Also, the detection of such threats is not so simple, due to the nature of the vulnerability. Now I will show a few of these methods applied to real applications and services.