The earliest public mention I could find of SQL Injection (‘piggybacking SQL statements’ as the author put it) was from someone who called himself Rain Forest Puppy (RFP). In 1998 RFP wrote an article for Phrack Magazine (Volume 9, Issue 54) in which he talks…
Sites Infected with Website Malware Every 3.6 Seconds
A lot of web sites out there have an array of vulnerabilities and your site could easily be one of them! A recent study based on the first six months of this year found that every 3.6 seconds a new web site is infected. That…
CubeCart 4 session management bypass leads to administrator access
Release Date: 2009/10/29 Author: Bogdan Calin (bogdan [at] acunetix [dot] com) Severity: Critical Vendor Status: Vendor has released an updated…
Acunetix WVS Version 6.5 build 20091027 released
An updated build for Acunetix WVS Version 6.5 has been released. It includes a number of bug fixes. Bug fixes: Fixed: Redirect on LoginSequenceStep was not followed correctly Fix in URL Rewrite module to remove GetVars before matching rules How to upgrade: On starting up…
Acunetix WVS Version 6.5 build 20091012 released
An updated build for Acunetix WVS Version 6.5 has been released with some bug fixes. Bug fixes: Fixed: Memory leak when invoking state change handler Fixed: Item index for an item which has just been inserted fails in the Browserframe Fixed: Error in indexing the…
Secure Password Recommendations and Research
You have a lot of things you try to keep secure, and some of them you simply have to put in other people’s hands because you can’t do it on your own (like your website *hint hint*). However, there are some things you do have…
Statistics from 10,000 leaked Hotmail passwords
An anonymous user posted usernames and passwords for over 10,000 Windows Live Hotmail accounts to web site PasteBin. PasteBin is currently down for maintenance but I managed to get a copy of the list and quickly generated some statistics from these passwords. First, my impression…
Acunetix WVS Version 6.5 build 20091005 released
An updated build for Acunetix WVS Version 6.5 has been released with some improvements, bug fixes and new security checks. New: Added a new check for SVN repositories Improvements: Improved MultiRequest parameter manipulation; now using the form matcher to match parameter values Improved SQL injection…
Acunetix WVS Version 6.5 build 20090917 released
An updated build for Acunetix WVS Version 6.5 has been released with some improvements and bug fixes. New: Added two new blind SQL injection tests Added a new scanning profile for stored XSS only Added HTTP verb tampering check using the POST method Improvements: Improved appearance for…