Details Affected Software: Short URL Plugin Fixed in Version: Changeset 55280 Issue Type: SQL Injection Original Code: Found Here Description This week's vulnerabilities were a couple of SQL injection bugs in the Short URL Plugin for WordPress. The symptoms of the issues indicate classic SQL injection; let's have a quick look at the code. First, … Continue reading Spot the Vuln - Vegetables - SQL Injection
People need trouble — a little frustration to sharpen the spirit on, toughen it. Artists do; I don't mean you need to live in a rat hole or gutter, but you have to learn fortitude, endurance. Only vegetables are happy. - William Faulkner Spot the Vuln uses code snippets from open source applications to demonstrate … Continue reading Spot the Vuln - Vegetables
Backgrounding and Snapshots In iOS when an application moves to the background the system takes a screen shot of the application's main window. This screen shot is used to animate transitions when the app is reopened. For example, pressing the home button while using the logon screen of the Chase App results in the following … Continue reading What's in Your iOS Image Cache?
Details Affected Software: PunBB Fixed in Version: 1.3.2 Issue Type: SMTP Command Injection Original Code: Found Here Description Interesting bug here. In 2008, Stefan Esser reported a bug to the PunBB team which described an SMTP command injection vulnerability. If we look at the code below, we see that PunBB opens a socket connection to … Continue reading Spot the Vuln - Sleep - SMTP Command Injection
It is a common experience that a problem difficult at night is resolved in the morning after a committee of sleep has worked on it. - John Steinbeck Spot the Vuln uses code snippets from open source applications to demonstrate vulnerabilities in real world web applications. Every Monday morning a vulnerable code snippet is posted. … Continue reading Spot the Vuln - Sleep