AppSec Blog

Spot the Vuln - Assassins

"I do not like assassins, or men of low character." - Gene Hackman

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. …


Spot the Vuln - Fall - Cross Site Scripting

Details
Affected Software: Cubed
Fixed in Version: 1.0 RC2
Issue Type: Cross Site Scripting
Original Code: Found Here

Details
This week's patch is a good one. The code sample was basically a library that only contained functions. While there isn't a blatant vulnerability in the library, there is a startling function called "PrepDataForScript". Looking at …


Spot the Vuln - Fall

"Some rise by sin, and some by virtue fall." - William Shakespeare

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify where the security vulnerability is. Every …


Spot the Vuln - Charming - SQL Injection

Details
Affected Software: StatPressCN
Fixed in Version: 1.9.1
Issue Type: SQL Injection
Original Code: Found Here

Details
This patch was full of interesting tidbits. First, the change log for this patch is as follows:

**1.9.1**
+ fix a flaw allowing a remote cross-site scripting attack

Keep the change list description in mind as we go …


Spot the Vuln - Charming

"It is absurd to divide people into good and bad. People are either charming or tedious." - Oscar Wilde

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to …