What You Need To Know About Server Side Request Forgery (SSRF)

SSRF, or Server Side Request Forgery, is an attack vector that has been around for a long time, but do you actually know what it is? Server Side Request Forgery (SSRF) refers to an attack wherein an attacker is able to send a crafted request from a vulnerable web application. SSRF is usually used […]

Read the full post at darknet.org.uk

Two Popular IP Cameras Riddled With Vulnerabilities

Two IP cameras sold by Loftek and VStarcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks.

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.

vBulletin Patches Serious Flaw in Forum Software

A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code.