Phorum – Full Disclosure
Reporter VoidSec Security Team Advisory VoidSec-16-002 Date of contact 03-03-16 2nd date of contact 16-03-16 3rd date of contact 04-04-16 Vendor last reply 03-03-16 Date of public disclosure 21-04-16 Product Phorum Open Source PHP Forum Software Version 5.2.20 Download the Report [EN] Introduction The purpose of the present project is to assess the security posture of some important aspects of Phorum Forum Software. Phorum is open source forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs. During the web application security assessment for Phorum, VoidSec assessed the following systems using...
Avactis – Full Disclosure
Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: Avactis Download the Report [EN] Introduction Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach. Vulnerabilities: Spreading of Files with Malicious Extensions on Upload New Design and Execution in some circumstances Non-Admin PHP Shell...
Tecniche Evasive
Recentemente, per lavoro, ho preso parte a un’operazione di Red Teaming. Ho trovato l’esperienza interessante ed emozionante poiché è l’unica tipologia di test in cui si possono mettere a frutto tutte le competenze e spaziare nella tipologia di attacchi da effettuare e di bersagli da colpire. Hacknowledge Red Team: gruppo indipendente di penetration tester assunto dall’organizzazione bersaglio che, all’insaputa dei suoi stessi reparti tecnici, effettua un attacco contro l’organizzazione stessa. L’obiettivo del team è di testare difese e “risposte” nell’ambito di un...
