AppSec Blog: Author - Billy Rios

Spot the Vuln - Grammys

"The last thing I want is to walk into my house after a long day and see all the Grammys and awards. It would make me feel weird." - Alicia Keys

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet …


Spot the Vuln - Writing - Fake XSS and XSRF

Details
Affected Software: EOF-0x01
Fixed in Version: ?
Issue Type: XSS and XSRF
Original Code: Found Here

Details
This week, we had a couple of bugs affecting EOF-0x01 Command and Control. A red herring is the use of echo($_POST['pw']); to build HTML markup. At first glance, this seems like a straightforward XSS bug. …


Spot the Vuln - Writing

"Writing is a struggle against silence." - Carlos Fuentes

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution …


Spot the Vuln - Imagination - XSS and XSRF

Details
Affected Software: Zeus C&C
Fixed in Version: ?
Issue Type: XSS and XSRF
Original Code: Found Here

Details
This week's bugs affected Zeus C&C 1.1.0.0. The file we're looking at is mod.bcmds.php. The first thing that popped out at me was the named constant "QUERY_STRING" that's being used in various places in the code. Although …


Spot the Vuln - Imagination

"I am enough of an artist to draw freely upon my imagination. Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." - Albert Einstein

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real-world web applications. Every Monday morning a vulnerable code snippet is posted. Take …