voidsec (2022-01-14T09:15:30+01:00)
This is a re-posting of the original article "GraphQL - Security Overview and Testing Tips" that I wrote on Doyensec.
With the increasing popularity of GraphQL technology, we are summarizing some documentation and tips about common security mistakes.
What is GraphQL?
GraphQL is a data query language developed by Facebook and publicly released in 2015. It is an alternative to REST API.
Even if you don’t see any GraphQL out there, it is likely you’re already using it since it’s running on some...
voidsec (2022-01-14T09:16:58+01:00)
Recently, during a penetration test, I found a vulnerable installation of the Joomla CMS. Yes, I already know that this vulnerability is quite old and that there is a ready-to-use Metasploit module, but here is the catch: the module and other scripts available on the internet weren’t working against my environment. Furthermore, during the last year a lot of new vulnerabilities have relied on PHP Object Injection and serialize/unserialize.
That's the reason why I thought it was a good...
voidsec (2022-01-14T09:17:49+01:00)
It has been a while since my last blog post, so I’m (finally) writing the write-up of the VoidSec CTF: Secure the Flag.
The CTF was made possible thanks to the sponsorship of Bitdefender, which put up some licenses for its product as a prize for the first three winners.
This CTF was web based; no binary exploitation, reverse engineering and/or crypto was involved.
Before I dive in deep, let me explain what the goal of this CTF was and why it is...
voidsec (2022-01-14T09:21:31+01:00)
ImageMagick Is On Fire — CVE-2016-3714
There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user-submitted images. The exploit for this vulnerability is being used in the wild.
A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick.
For more information about this vulnerability visit: https://imagetragick.com/ or this...
VoidSec Security Team
Date of contact
2nd date of contact
3rd date of contact
Vendor last reply
Date of public disclosure
Phorum Open Source PHP Forum Software
Download the Report [EN]
The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software.
Phorum is open source forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs.
During the web application security assessment for Phorum, VoidSec assessed the following systems using...
voidsec (2022-01-14T09:22:05+01:00)
We are proud to publish an undisclosed vulnerability affecting LinkedIn and in particular its "CSV Export" function.
Following our Vulnerability Disclosure Policy Agreement, the LinkedIn Security Team has been informed about this specific issue, and this vulnerability will be published without a working PoC.
LinkedIn users can export all their connections into a CSV file which, due to some missing filters (output escaping), could allow an attacker to execute a command on the user's machine.
An attacker can create a LinkedIn profile embedding a...
Date of contact:
2nd date of contact:
Date of public disclosure:
Avactis PHP Shopping Cart
Download the Report [EN]
Avactis is an open source ecommerce shopping cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through a Web Application Penetration Test using a Grey Box approach.
Spreading of Files with Malicious Extensions on Upload New Design and Execution in some
Non-Admin PHP Shell...
June 17, 2015
Paolo Stagno ( aka voidsec – [email protected] )
Luca Poletti ( aka kalup – [email protected] )
Download the Report [EN]
In the last few days a new social network called Minds has been getting attention over the internet; it aims to give transparency and protection to user data. Thanks to these two points, the new site has attracted the support of online activists, including the hacking collective Anonymous.
We then decided to take a look at that amazing platform,...
Mattia Reggiani is passionate about Offensive Security, holds a degree in Computer Security from the Università degli Studi di Milano and is CEH certified. Interested in ethical hacking, forensic analysis and web application security, he currently works as an IT Security consultant.
The introduction and recent spread of HTML5 as the new language for web pages has raised new vulnerabilities due to incorrect implementations of this technology.
This article will describe the HTML5 Injection vulnerability and show real-world scenarios in which it can be exploited...
voidsec (2022-01-14T09:34:18+01:00)
Article written in collaboration with: Jatinder Pal Singh, a professional with over nine years in the Information Security field. He holds a Master in Information & Security Systems from the University of Glamorgan and is currently chief consultant (Threat Management Services) at Aujas Networks.
HTTP Header Injection Vulnerability
Web applications that do not properly filter HTTP headers are vulnerable to the HTTP Header Injection attack (also known as Response Splitting); this vulnerability not only allows an attacker to control the headers and body of the response, but also allows them...