#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Ebrahim Hegazy | Breaking Cybersecurity News | The Hacker News

Category — Ebrahim Hegazy
Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Sep 20, 2014
Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt , has found a serious SQL injection vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on its server with Root Privileges. According to Hegazy blog post , the SQLi vulnerability resides in a domain of Yahoo! website i.e. https://innovationjockeys.net/tictac_chk_req.php . Any remote user can manipulate the input to the " f_id " parameter in the above URL, which could be exploited to extract database from the server. While pentesting, he found username and password ( encoded as Base64 ) of Yahoo!' admin panel stored in the database. He decoded the Administrator Password and successfully Logged in to the Admin panel. Furthermore, SQL injection flaw also facilitate the attacker to exploit Remote Cod...
Critical vulnerability in Twitter allows attacker to upload Unrestricted Files

Critical vulnerability in Twitter allows attacker to upload Unrestricted Files

Oct 30, 2013
Security expert Ebrahim Hegazy , Cyber Security Analyst Consultant at Q-CERT, has found a serious vulnerability in Twitter that allows an attacker to upload files of any extension including PHP. When an application does not validate or improperly validates file types before uploading files to the system, called Unrestricted File upload vulnerability . Such flaws allow an attacker to upload and execute arbitrary code on the target system which could result in execution of arbitrary HTML and script code or system compromise. According to Ebrahim, when a developer creates a new application for Twitter  i.e. dev.twitter.com - they have an option to upload an image for that application. While uploading the image, the Twitter server will check for the uploaded files to accept certain image extensions only, like PNG, JPG and other extensions won't get uploaded. But in a Video Proof of Concept he demonstrated  that, a vulnerability allowed him to bypass this security va...
5 Reasons Device Management Isn't Device Trust​

5 Reasons Device Management Isn't Device Trust​

Apr 21, 2025Endpoint Security / Zero Trust
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...
Expert Insights / Articles Videos
Cybersecurity Resources