#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Ebrahim Hegazy | Breaking Cybersecurity News | The Hacker News

Category — Ebrahim Hegazy
Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Sep 20, 2014
Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt , has found a serious SQL injection vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on its server with Root Privileges. According to Hegazy blog post , the SQLi vulnerability resides in a domain of Yahoo! website i.e. https://innovationjockeys.net/tictac_chk_req.php . Any remote user can manipulate the input to the " f_id " parameter in the above URL, which could be exploited to extract database from the server. While pentesting, he found username and password ( encoded as Base64 ) of Yahoo!' admin panel stored in the database. He decoded the Administrator Password and successfully Logged in to the Admin panel. Furthermore, SQL injection flaw also facilitate the attacker to exploit Remote Cod...
Critical vulnerability in Twitter allows attacker to upload Unrestricted Files

Critical vulnerability in Twitter allows attacker to upload Unrestricted Files

Oct 30, 2013
Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security va...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?

Crowdstrike Named A Leader In Endpoint Protection Platforms

Nov 22, 2024Endpoint Security / Threat Detection
CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.
Popular Resources
Articles
[Watch] From Risk to ROI: The Strategic Value of Security Validation
Articles
How to Get a Full Penetration Test Done in Days – See How It Works!
Articles
Simplify IT Backup and Recovery — Experience Unitrends Live
Articles
Backupify — The Backup Solution: Encrypted, Unlimited, Reliable
Expert Insights / Articles Videos
Cybersecurity Resources