Blogs

Weevely v0.7 released!

Weevely returns with improved stability and usability, and with some delicious network features useful during penetration testing or simple web shell management.

To download it, go to the official page, or simply upgrade your BackBox and start using it with the help of a quick tutorial.

Talk @ HTML.it Release Party

Raffaele Forte will be a speaker at the event organized in Rome on 2 July by HTML.it.

The founder of the BackBox Linux project will speak on Application Security with a talk titled "CMS, Analisi automatica delle vulnerabilità".

FCKEditor reflected XSS vulnerability

Emilio Pinna has recently found a reflected POST XSS in a popular web WYSIWYG editor called FCKEditor. In 2009 it was rewritten and fixed under the new name CKEditor, but the old version is still popular as a stand-alone application, as WordPress/Joomla/Drupal extensions, and embedded as an editor in web applications.

The vulnerable software was distributed for more than six years, and Google currently still counts more than 1.5 billion results. A plausible Google dork that filters out PHP sources could be:

inurl:fck_spellerpages/spellerpages/server-scripts/ -”The following variables”
