Duncan - Expensive injections

During a web application test, one of the most precious bugs you can find is a good old SQL injection: these vulnerabilities can let you bypass all the security controls of the application, elevate your privileges, find new (possibly vulnerable) functionality and, in the end, take control over the...


WAF bypass made easy

In this post I will share my experience testing a web application protected by a web application firewall (WAF). Investigating the parameters of the web interfaces revealed that I could perform XSS attacks in some limited ways. The target implemented blacklist-based filtering that provided some HTML tag and...


Plesk panel decryption

After reading the description of the Plesk vulnerability CVE-2012-1557, I decided to investigate the application a bit deeper. You can download a fully installed VMware image from the internet, so you can skip the installation and save some time. The PHP files which belong to the Plesk application are...


Hello world!

Welcome to the technical blog of the Silent Signal crew! We are a Hungarian IT-security company focused mainly on penetration testing. As strong believers of the original hacker philosophy we’ve always supported the boundless flow of thoughts and information that we’ve also been benefiting very much from. After years spent...
