AppSec Blog: Author - Billy Rios

Spot the Vuln - Feathers

"It is not only fine feathers that make fine birds." (Aesop)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every …


Spot the Vuln - Rabbit - AuthBypass and SQLi

Details
Affected Software: BlackEnergy C&C
Fixed in Version: Not Patched
Issue Type: Authentication Bypass and SQL Injection
Original Code: Found Here

Details
A couple of interesting bugs here. As Abe astutely pointed out, pretty much all of the PHP at the end of the code sample is vulnerable to SQL injection. Veteran Spot the Vuln …


Spot the Vuln - Rabbit

"Silly rabbit, why you sweatin' me?" (Tupac Shakur)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is …


Spot the Vuln - Third - SQL Injection

Details
Affected Software: Ninja Announcements
Fixed in Version: 1.3
Issue Type: SQL Injection
Original Code: Found Here

Details
Lots of potential issues here, but we'll focus on what was patched. Here we have a basic SQL injection vulnerability. The bug is the most simple example of tracing a variable from assignment to usage. On line …
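The two write-ups above, "Rabbit" (authentication bypass plus SQL injection) and "Third" (a variable traced from assignment straight into a query), describe the same root cause. The following is an added illustration, not code from either post, nor from BlackEnergy C&C or Ninja Announcements (both of which are PHP): a Python sketch of the assignment-to-usage pattern against an in-memory SQLite database, with the login bypass and the tautology payload beside the parameterised fixes. The schema, row contents and payload strings are constructed for the example.

```python
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    # Constructed in-memory schema standing in for an application's tables
    # (not the BlackEnergy C&C or Ninja Announcements schema).
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 's3cret');
        CREATE TABLE announcements (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO announcements (title) VALUES ('first'), ('second');
        """
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Assignment to usage with nothing in between: the request values are
    # concatenated into the SQL text, so a quote in them becomes SQL syntax.
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Bound parameters: values travel separately from the SQL text, so a quote
    # or comment sequence in the input is just data.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def announcement_vulnerable(conn: sqlite3.Connection, id_param: str) -> List[str]:
    # Numeric parameter interpolated without quotes: the attacker does not
    # even need a quote to break out, "1 OR 1=1" is enough.
    sql = "SELECT title FROM announcements WHERE id = " + id_param + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def announcement_fixed(conn: sqlite3.Connection, id_param: str) -> List[str]:
    # Validate the type first, then bind; anything non-numeric is rejected.
    try:
        announcement_id = int(id_param)
    except ValueError:
        return []
    sql = "SELECT title FROM announcements WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (announcement_id,))]


# Payloads as an attacker would submit them (constructed for the example).
AUTH_BYPASS_USERNAME = "admin' --"   # the SQL comment swallows the password check
ALL_ROWS_ID = "1 OR 1=1"             # tautology returns every announcement


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login, wrong password:",
          login_vulnerable(conn, AUTH_BYPASS_USERNAME, "wrong"))
    print("fixed login, same payload:",
          login_fixed(conn, AUTH_BYPASS_USERNAME, "wrong"))
    print("vulnerable id lookup:", announcement_vulnerable(conn, ALL_ROWS_ID))
    print("fixed id lookup:", announcement_fixed(conn, ALL_ROWS_ID))
```

The login query with the bypass username becomes `SELECT id FROM users WHERE username = 'admin' --' AND password = 'wrong'`; everything after `--` is a comment, so the password predicate never runs. The fix is not escaping the quote but keeping the value out of the SQL text altogether, which is what a prepared statement does in PHP (mysqli or PDO) just as the bound parameters do here.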


Spot the Vuln - Third

"Sullivan's Law: When given the choice between two alternatives, always pick the third!" (Patrick H. Sullivan)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where …