AppSec Blog

Spot the Vuln - Wood

Remember, a chip on the shoulder is a sure sign of wood higher up. - Brigham Young

Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. Take a look at the vulnerable code and try to identify …


Spot the Vuln - Vegetables - SQL Injection

Details
Affected Software: Short URL Plugin
Fixed in Version: Changeset 55280
Issue Type: SQL Injection
Original Code: Found Here

Description
This week's vulnerabilities were a couple of SQL injection bugs in the Short URL Plugin for WordPress. The symptoms for the issues indicate classic SQL injection; let's have a quick look at the code. First, …


Spot the Vuln - Vegetables

People need trouble — a little frustration to sharpen the spirit on, toughen it. Artists do; I don't mean you need to live in a rat hole or gutter, but you have to learn fortitude, endurance. Only vegetables are happy. - William Faulkner

Spot the Vuln uses code snippets from open source applications to demonstrate …


What's in Your iOS Image Cache?

Backgrounding and Snapshots
In iOS, when an application moves to the background the system takes a screenshot of the application's main window. This screenshot is used to animate transitions when the app is reopened. For example, pressing the home button while using the logon screen of the Chase App results in the following …


Spot the Vuln - Sleep - SMTP Command Injection

Details
Affected Software: PunBB
Fixed in Version: 1.3.2
Issue Type: SMTP Command Injection
Original Code: Found Here

Description
Interesting bug here. In 2008, Stefan Esser reported a bug to the PunBB team which described an SMTP command injection vulnerability. If we look at the code below, we see that PunBB opens a socket connection to …