TalkTalk breach could affect 4 million users
Another cellphone provider has hit the headlines with a breach; this time the UK provider TalkTalk. Following an attack which occurred in February, this latest breach happened last week and the company has admitted that not all stolen…
SQLi part 4: In-band SQLi (Classic SQLi)
SQL injection can be classified into three major categories – In-band SQLi, Inferential SQLi and Out-of-band SQLi. In this article we shall be exploring In-band SQL Injection.
In-band SQLi (Classic SQLi)
In-band SQL injection is the most common and easiest to exploit of the SQL injection attacks. In-band…
000webhost Breach Exposes 13 Million Passwords
000webhost is one of the most popular free hosting providers out on the Internet. Unfortunately for them and their users, all their 13 million user accounts have had their usernames and passwords leaked through what was eventually revealed to be a database breach via an…
SQLi part 3: The anatomy of an SQL Injection attack
An SQL injection needs just two conditions to exist – a relational database that uses SQL, and a user controllable input which is directly used in an SQL query. In the example below, it shall be assumed that the attacker’s goal is to exfiltrate data from…
New Joomla! SQL Injection vulnerability gives attackers full control of your website
A high-severity SQL injection vulnerability has been identified in versions 3.2 through to 3.4.4 of Joomla!. The popular Content Management System (CMS), second only to WordPress with a staggering 6.6% CMS market share (as of October 23, 2015, based on W3Techs’ trend reports), runs on an estimated…
Get tested during Cyber Security Awareness Month
It is October again, and that means that it is a better time than ever to set aside some time to gather the relevant troops inside your organization to evaluate your information security posture – because October is National Cyber Security Awareness Month! Since its…
In the headlines: Flash and Chrome patches, Dridex botnet, WP Akismet and more
Flash Zero Day receives emergency patch
Poor old Flash is in the headlines again, and this time for a zero-day flaw which is being actively exploited. Reported by a researcher and the Google Zero Day project, no details of the vulnerability have been disclosed but…
Gartner recognizes Acunetix as a Challenger for Application Security Testing in 2015
Acunetix Receives 2nd highest product score for Manual Web Penetration Testing in Gartner’s 2015 Critical Capabilities for Application Security Testing Report
Gartner, Inc., the leading provider of research and analysis on the global information technology industry, has recognised Acunetix as a challenger, assigning Acunetix Web…
SQLi part 2: What’s the worst an attacker can do with SQL?
SQL is a programming language designed for managing data stored in an RDBMS, therefore SQL can be used to access, modify and delete data. Furthermore, in specific cases, an RDBMS could also run commands on the operating system from an SQL statement. Keeping the above…