AppSec Blog

Spot the Vuln - State - Defense in Depth

Affected Software: Adrenalin C&C
Fixed in Version: Not Patched
Issue Type: Defense in Depth
Original Code: Found Here

Details: First, I'll talk about a couple of interesting things about this bug that cannot be seen from just the code sample. When I received this sample, it was encoded with Zend Guard. While the Zend …


Spot the Vuln - State

State Legislators are merely politicians whose darkest secret prevents them from running for a higher office. (Dennis Miller)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to …


Spot the Vuln - Feathers - SQLi

Affected Software: Corpse C&C
Fixed in Version: Not Patched
Issue Type: SQL Injection
Original Code: Found Here

Details: This week's bugs are in the CORPSE C&C (in the bsrv.php file). There are a couple of bugs here; most of them are very straightforward. Funny stuff first: if $ver is blank, we will fail …


Spot the Vuln - Feathers

It is not only fine feathers that make fine birds. (Aesop)

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every …


Spot the Vuln - Rabbit - AuthBypass and SQLi

Affected Software: BlackEnergy C&C
Fixed in Version: Not Patched
Issue Type: Authentication Bypass and SQL Injection
Original Code: Found Here

Details: A couple of interesting bugs here. As Abe astutely pointed out, pretty much all of the PHP at the end of the code sample is vulnerable to SQL injection. Veteran Spot the Vuln …