AppSec Blog: Author - Billy Rios

Spot the Vuln - Shape - SQL Injection

Details

Affected Software: Zunkerbot C&C
Fixed in Version: Not Patched
Issue Type: SQL Injection
Original Code: Found Here

Details

This week's bug affects the task.php for the Zunkerbot C&C. Looking at line 5, we see that magic quotes is set: set_magic_quotes_runtime(1); Obviously, this was done by the malware author to prevent SQL injection attacks. Assuming …


Spot the Vuln - Shape

"I was scared I was going to have some weird shape to my head and I was pleased that I didn't." - Edward Furlong

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the …


Spot the Vuln - State - Defense in Depth

Details

Affected Software: Adrenalin C&C
Fixed in Version: Not Patched
Issue Type: Defense in Depth
Original Code: Found Here

Details

First, I'll talk about a couple of interesting things about this bug that cannot be seen from just the code sample. When I received this sample, it was encoded with Zend Guard. While the Zend …


Spot the Vuln - State

"State Legislators are merely politicians whose darkest secret prevents them from running for a higher office." - Dennis Miller

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to …


Spot the Vuln - Feathers - SQLi

Details

Affected Software: Corpse C&C
Fixed in Version: Not Patched
Issue Type: SQL Injection
Original Code: Found Here

Details

This week's bugs are in the CORPSE C&C (in the bsrv.php file). There are a couple of bugs here, and most of them are very straightforward. Funny stuff first: if $ver is blank, we will fail …