websec.wordpress.com
Papers | Reiners' Weblog
https://websec.wordpress.com/papers
Anything about Web Security. Code Reuse Attacks in PHP: Automated POP Chain Generation. Johannes Dahse, Nikolai Krein, Thorsten Holz. 21st ACM Conference on Computer and Communications Security (CCS), Scottsdale, Arizona, USA, November 2014. Best Student Paper Award *. Static Detection of Second-Order Vulnerabilities in Web Applications. Johannes Dahse, Thorsten Holz. 23rd USENIX Security Symposium, San Diego, CA, USA, August 2014. Internet Defense Prize *. Johannes Dahse, Thorsten Holz. ...
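The first paper listed above concerns property-oriented programming (POP) chains in PHP: reaching a dangerous sink not by calling it directly, but by feeding unserialize() an object whose magic method (here __destruct()) performs the call with attacker-controlled properties. The following is an added illustration of that mechanism, not code from the paper or from any project on this page; the FileCache class, the load_session_* functions and the payload are hypothetical and constructed for the demo.

```php
<?php
// Added example (hypothetical application code, not from the paper or any listed project).

// Application class that looks harmless in isolation: a cache that flushes its
// buffer to disk when the object is destroyed. This is the "gadget".
class FileCache {
    public $path;
    public $data;

    public function __destruct() {
        // Unconditional write with object-controlled path and content.
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable sink (hypothetical): untrusted data reaches unserialize() unrestricted.
function load_session_vuln(string $blob) {
    return unserialize($blob);
}

// Hardened form: PHP >= 7.0 lets the caller forbid object instantiation entirely.
// Classes that are not allowed come back as __PHP_Incomplete_Class, whose
// destructor is never invoked, so the gadget chain cannot start.
function load_session_safe(string $blob) {
    return unserialize($blob, ['allowed_classes' => false]);
}

// Attacker side: the payload is built as a string, so no FileCache object is
// created (and no destructor runs) on the attacker's machine.
$target  = sys_get_temp_dir() . '/pop_demo.txt';
$content = "written via POP chain\n";
$payload = 'O:9:"FileCache":2:{'
         . 's:4:"path";s:' . strlen($target)  . ':"' . $target  . '";'
         . 's:4:"data";s:' . strlen($content) . ':"' . $content . '";}';

@unlink($target);
$obj = load_session_vuln($payload);
unset($obj);                        // destructor fires: FileCache::__destruct() writes the file
var_dump(file_exists($target));     // bool(true): sink reached without any direct call

@unlink($target);
$obj = load_session_safe($payload);
var_dump(get_class($obj));          // string(22) "__PHP_Incomplete_Class"
unset($obj);                        // no destructor, no write
var_dump(file_exists($target));     // bool(false)
```

Real chains are rarely this short: the paper's contribution is finding, automatically, sequences of magic methods and property accesses across a code base that end in a sink. The defensive point is the same regardless of chain length: never unserialize() untrusted input, or at least pass allowed_classes (false, or an explicit whitelist) so that no application class can be instantiated from it.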
kliqqi.com
Download Kliqqi – Kliqqi
https://www.kliqqi.com/download_kliqqi
Last Updated Jan 11, 2017. Kliqqi 3.5.2. Download File Kliqqi1112017.zip – 3 MB. This is where you can download the new Kliqqi 3.5.2, formerly known as Pligg CMS. Please support us by making a small contribution; your donations allow us to keep providing updates. Running PHP 5.4 and MySQL 5.1. If you are new to Kliqqi you will want to extract the zip file and follow the installation instructions in the readme.html file. Upgrading from Pligg CMS to Kliqqi? Settings. If vot...
blog.ripstech.com
RIPS - Serendipity 2.0.3: From File Upload to Code Execution
https://blog.ripstech.com/2016/serendipity-from-file-upload-to-code-execution
The superior security software for PHP applications. What we learned from our Advent Calendar. E107 2.1.2: SQL Injection through Object Injection. Security Compliance with Static Code Analysis. Serendipity 2.0.3: From File Upload to Code Execution. 7 Dec 2016 by Hendrik Buchwald. The truncated analysis results are available in our RIPS demo application. Please note that we limited the results to the issues described in this post in order to ensure a fix is available. RIPS identified two critical types of...
blog.ripstech.com
RIPS - Introducing the RIPS analysis engine
https://blog.ripstech.com/2016/introducing-the-rips-analysis-engine
Introducing the RIPS analysis engine. 4 Dec 2016 by Johannes Dahse. In today’s post, we would like to share some insights into our static code analysis. Button and the first vulnerability report pops up? How can a security vulnerability be automatically detected in source code? Let’s have a look. This examples con...
blog.ripstech.com
RIPS - Redaxo 5.2.0: Remote Code Execution via CSRF
https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf
Redaxo 5.2.0: Remote Code Execution via CSRF. 16 Dec 2016 by Robin Peraglie. Redaxo 5.2.0 is the latest release of a simple content management system that is mostly used in Germany. Today we are going to present our scan results for Redaxo and explain how completely omitting anti-CSRF... We will now explain how a... The remot...
blog.ripstech.com
RIPS - Continuous Integration - Jenkins at your service
https://blog.ripstech.com/2016/continuous-integration-jenkins-at-your-service
Continuous Integration - Jenkins at your service. 18 Dec 2016 by Daniel Peeren. Jenkins is one of the most popular automation platforms in the world and can automatically warn you whenever a new security issue is introduced to your code base. How Continuous Integration works. Command, as well as a... Relative costs to fix so...
blog.ripstech.com
RIPS - Coppermine 1.5.42: Second-Order Command Execution
https://blog.ripstech.com/2016/coppermine-second-order-command-execution
Coppermine 1.5.42: Second-Order Command Execution. 2 Dec 2016 by Martin Bednorz. The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine. In the following, we examine a few selected vulnerabilities found by RIPS. We prefer to describe more complex and interesting vulnerab...