AppSec Blog

Spot the Vuln - Action - Defense in Depth

Affected Software: PixelPost
Fixed in Version: ?
Issue Type: Insecure password reset functionality
Original Code: Found Here

Details: This week's bug is more of a design issue than an implementation issue. I actually first heard about this code from SkullSecurity's excellent "Hacking Crappy Password Resets" articles, published in late March. …


Spot the Vuln - Action

"Take time to deliberate; but when the time for action arrives, stop thinking and go in." - Napoleon Bonaparte

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to …


Spot the Vuln - Expands - Cross Site Scripting

Affected Software: WordPress Core
Fixed in Version: 2.8
Issue Type: Cross Site Scripting
Original Code: Found Here

Details: This week's bug was subtle. The patch submitted by the developer addresses an XSS bug. Looking at the diff, we see that $title and $selection come from the query string. These values are fixed up before …


Spot the Vuln - Expands

"Life shrinks or expands in proportion to one's courage." - Anais Nin

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every …


Spot The Vuln - Notes - SQL Injection

Affected Software: Sermon Browser WordPress Plugin
Fixed in Version: .44
Issue Type: Cross Site Scripting
Original Code: Found Here

Details: There are a couple of different issues here, but let's focus on what the developers patched. On line 27, the developer uses the $_GET['getid3'] value to build a dynamic SQL statement. This is classic …