AppSec Blog

Spot the Vuln - Feathers - SQLi

Details: Affected Software: Corpse C&C. Fixed in Version: Not Patched. Issue Type: SQL Injection. Original Code: Found Here. This week's bugs are in the CORPSE C&C (in the bsrv.php file). There are a couple of bugs here; most of them are very straightforward. Funny stuff first: if $ver is blank, we will fail … Continue reading Spot the Vuln - Feathers - SQLi


Spot the Vuln - Feathers

"It is not only fine feathers that make fine birds." - Aesop. Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every … Continue reading Spot the Vuln - Feathers


Spot the Vuln - Rabbit - AuthBypass and SQLi

Details: Affected Software: BlackEnergy C&C. Fixed in Version: Not Patched. Issue Type: Authentication Bypass and SQL Injection. Original Code: Found Here. A couple of interesting bugs here. As Abe astutely pointed out, pretty much all of the PHP at the end of the code sample is vulnerable to SQL injection. Veteran Spot the Vuln … Continue reading Spot the Vuln - Rabbit - AuthBypass and SQLi


Spot the Vuln - Rabbit

"Silly rabbit, why you sweatin me?" - Tupac Shakur. Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every Friday, a solution is … Continue reading Spot the Vuln - Rabbit


Safer Software through Secure Frameworks

We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own - and to do this perfectly right every time. It's not just wasteful: it's … Continue reading Safer Software through Secure Frameworks