Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum. Many websites report about 5 million Gmail accounts the leak includes also accounts from 2 popular russian mail providers (Yandex and Mail.ru). The leak contains the following: ~5 million Gmail…
Author Archives Bogdan Calin
THE AUTHOR
Bogdan Calin
WordPress Username Enumeration using HTTP Fuzzer
In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers in them; however, WordPress offers…
Cookie Overdose
One of our customers recently reported that some parts of his site were not properly crawled by our scanner (Acunetix Web Vulnerability Scanner). Upon investigation, I found the cause of the problem. When a specific page was visited, a cookie with a random name and a large value…
The TweetDeck Worm: How it Worked
TweetDeck is a very popular Twitter application (with 23% market share as of June 2009). The application was acquired by Twitter on May 25, 2011. On Wednesday, the user @derGeruhn, exploited a stored XSS (cross-site scripting) vulnerability in the TweetDeck application and created a worm…
Acunetix WVS v9.5 Build 20140602 – New Security Tests
Each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. This post summarizes the new security tests added in the latest Acunetix WVS update. Cross Domain Data Hijacking A website is vulnerable if an attacker can create/upload a malicious Flash (SWF) file…
More comprehensive scanning with Acunetix WVS v9.5 – Part II
In addtion to full JSON and XML support (already covered in Part I), Acunetix WVS version 9.5 includes other improvements that increase the scan coverage and improves its abilities to find vulnerabilities. In this blog post, I will cover CRUD support, Host header testing and…
More comprehensive scanning with Acunetix WVS v9.5 – Part I
In these 2 articles, I will be detailing the new functionality introduced in Acunetix WVS version 9.5. An important update introduced in the new version of Acunetix WVS is full JSON and XML support. If you are scanning a web application that is exchanging data…
Scan Google Web Toolkit Applications with Acunetix
Google Web Toolkit (GWT) is an open source set of tools that allows web developers to create and maintain complex JavaScript front-end applications in Java, using the Java development tools of their choice. It is a development toolkit for building and optimizing complex browser-based applications….
Latest Acunetix release scans for Heartbleed Bug
Yesterday, an update was released for Acunetix Vulnerability Scanner which includes a test for a critical OpenSSL vulnerability named The Heartbleed Bug (CVE-2014-0160). Quote from the report: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the…