Remote Stealth Brute-force of Oracle Database Passwords
During an internal penetration test we discovered an Oracle database of version 11g Release 2 in the client’s network.
Brocade Fabric OS ≤ v8.0.2c rbash escape to read system files
Broadcom offers a number of products and networking solutions such as switches, extensions, etc. These products come with their own
Gaining access through error-based SQLi using WebSockets
Introduction
In the previous Pwning the portal blog post, we extracted the source code of a
corporate login portal through
Pwning the portal: from database dump to session hijacking
Introduction
I find that doing bug hunting and responsible disclosure is a nice practical way
to “learn by doing” for
Misusing BeyondTrust Remote Support Leads To Data Exposure
BeyondTrust (formerly Bomgar) is a security firm, offering access management
solutions to a large number of companies, “including half of
Hacking WordPress Plugins Part 2 - Open Redirect [CVE-2021-24288]
AcyMailing [https://www.acymailing.com/] is a newsletter subscription WordPress
plugin with more than 30.000 total downloads and more
Hacking WordPress Plugins - Authenticated Shell Upload [CVE-2021-24347]
SP Project & Document Manager
[https://wordpress.org/plugins/sp-client-document-manager/] is a WordPress
plugin developed by Smarty Pants, with over 301.