The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Web Application Security

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution

September 20, 2014Swati Khandelwal
Yahoo! was recently impacted by a critical web application vulnerabilities which left website's database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt , has found a serious SQL injection vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on its server with Root Privileges. According to Hegazy blog post , the SQLi vulnerability resides in a domain of Yahoo! website i.e. http://innovationjockeys.net/tictac_chk_req.php . Any remote user can manipulate the input to the “ f_id ” parameter in the above URL, which could be exploited to extract database from the server. While pentesting, he found username and password ( encoded as Base64 ) of Yahoo!’ admin panel stored in the database. He decoded the Administrator Password and successfully Logged in to the Admin panel. Furthermore, SQL injection flaw also facilitate the attacker to exploit Remote Cod
Avira Vulnerability Puts Users' Online Backup Data At Risk

Avira Vulnerability Puts Users' Online Backup Data At Risk

September 20, 2014Wang Wei
A popular Anti-virus software Avira that provides free security software to its customers with Secure Backup service is vulnerable to a critical web application vulnerability that could allow an attacker to take over users’ account, putting millions of its users’ account at risk. Avira is very popular for their free security software that comes with its own real-time protection module against malware and a secure backup service. Avira was considered to be the sixth largest antivirus vendor in 2012 with over 100 million customers worldwide. A 16 year-old security researcher ‘ Mazen Gamal ’ from Egypt told The Hacker News that Avira Website is vulnerable to CSRF (Cross-site request forgery) vulnerability that allows him to hijack users’ accounts and access to their online secure cloud backup files. CSRF VULNERABILITY TO  ACCOUNT TAKEOVER Cross-Site Request Forgery (CSRF or XSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate
How to Detect SQL Injection Attacks

How to Detect SQL Injection Attacks

September 19, 2014Swati Khandelwal
SQL Injection (SQLi) attacks have been around for over a decade. You might wonder why they are still so prevalent. The main reason is that they still work on quite a few web application targets. In fact, according to Veracode’s 2014 State of Security Software Report , SQL injection vulnerabilities still plague 32% of all web applications. One of the big reasons is the attractiveness of the target – the database typically contains the interesting and valuable data for the web application. A SQLi attack involves inserting a malformed SQL query into an application via client-side input. The attack perverts the intentions of web programmers who write queries and provide input methods that can be exploited. There is a reason they’re on the OWASP Top 10 . Termed “ injection flaws ”, they can strike not only SQL, but operating systems and LDAP can fall prey to SQLi. They involve sending untrusted data to the interpreter as a part of the query. The attack tricks the interpreter into
 Hacking Fiverr.com Accounts — Vulnerability Puts $50 Million Company At Risk

Hacking Fiverr.com Accounts — Vulnerability Puts $50 Million Company At Risk

August 16, 2014Swati Khandelwal
Fiverr.com, a global online marketplace which provides a platform for people to sell their services for five dollars per job, is vulnerable to a critical web application vulnerability that puts its millions of users at risk. Fiverr recently raised $30 million in a third round of institutional funding to continue supporting the new version of its marketplace, but the company ignored the advance warning of the critical bug reported responsibly by a vulnerability hunter and fails to patch up their website before his public release. There are endless numbers of people providing services on Fiverr website, such as graphic design, language translation, illustration, blogging and a lot more that start from just $5 but can go much higher, depending on complexity, seller rating, and type of work. According to a security researcher Mohamed Abdelbaset, an Information Security Evangelist from Egypt, told The Hacker News that Fiverr website is vulnerable to CSRF (Cross-site reque
Flickr Cross-Site Request Forgery Vulnerability Patched

Flickr Cross-Site Request Forgery Vulnerability Patched

August 06, 2014Wang Wei
Yahoo-owned Flickr, one of the biggest online photo management and sharing website in the world was recently impacted by a web application vulnerability , which could allow an attacker to modify users’ profile image. Flickr is one of the most popular photo sharing website with more than 87 million users, therefore some top major target for cybercriminals. The site was vulnerable to the most common vulnerability known as Cross-Site Request Forgery (XSRF or CSRF), which is very easy to exploit by attackers. Cross-Site Request Forgery is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user. All the attacker need to do is get the target browser to make a request to your website on their behalf. If they can either: Convince your users to click on a HTML page they've constructed Insert arbitrary HTML in a target website that your users visit Not too difficult, is it? Abdullah Hussam , a 17 years old programmer from Iraq found that just
Jobvite Recruitment Service Website Vulnerable to Hackers

Jobvite Recruitment Service Website Vulnerable to Hackers

August 04, 2014Swati Khandelwal
Jobvite , a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company's website. Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing companies use Jobvite's social recruiting, sourcing and talent acquisition solutions to target the right talent and build the best teams. An independent security researcher Mohamed M. Fouad from Egypt, has found two major flaws in Jobvite website  that could be used by an attacker to comprise the company’s web server. As a responsible security researcher, Fouad also reported the critical flaws three months ago to the Jobvite team, but the company didn't fix it till now. According to Fouad, Jobvite is vulnerable to Boolean SQLi (SQL injection) and LFI (local file inclusion) v
MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks

MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks

January 30, 2014Anonymous
The Encyclopedia giant WIKIPEDIA has been found vulnerable to remote code execution because of a critical flaw in the MediaWiki software . Wikipedia is a name which has become a major source of information for all of us. It has webpages on almost every topic you need to search. This giant is powered by an open source wiki software called MediaWiki. MediaWiki not only empowers Wikipedia, but also a number of other wiki websites. This software is a product of the Wikimedia Foundation and is coded in PHP with a database as backend. Cyber Point Software Technologies found a remote code execution vulnerability in MediaWiki, " This vulnerability affects all versions of MediaWiki from 1.8 onwards. " The vulnerability assigned with ID CVE-2014-1610 allows an attacker to execute shell code remotely via an incorrectly sanitized parameter on the MediaWiki application server. “Shell meta characters can be passed in the page parameter to the thumb.php.” Bug 60339
Yahoo fixes Critical Remote Command Execution vulnerability

Yahoo fixes Critical Remote Command Execution vulnerability

January 26, 2014Unknown
Cyber Security Expert and Penetration tester, Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an attacker to remotely execute any commands on the server i.e. Remote Command Execution vulnerability. According to Ebrahim blog post , the vulnerability resides in a Chinese subdomin of Yahoo website i.e. http://tw.user.mall.yahoo.com/rating/list?sid= $Vulnerability Any remote user can manipulate the input to the sid parameter in the above URL, that passes the parameter value to an eval() PHP function on the server end. If an attacker is able to inject a PHP code into this web application, it forces the server to execute it, but this method only limited by what PHP is capable of. In a POC Video he has successfully demonstrated few Payloads: Example-1: http://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system(“dir”))} Example-2: http://tw.user.mall.yahoo.com/rating/list?sid= ${@print(system(“ps”))} Last week, He
Hacker demonstrated 'Remote Code Execution' vulnerability on EBay website

Hacker demonstrated 'Remote Code Execution' vulnerability on EBay website

December 13, 2013Mohit Kumar
A German Security researcher has demonstrated a critical  vulnerability on Ebay website, world's biggest eStore. According to David Vieira-Kurz  discovered Remote code execution flaw " due to a type-cast issue in combination with complex curly syntax ", that allows an attacker to execute arbitrary code on the EBay's web server. In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo()  PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog , he noticed a legitimate URL on EBay: https://sea.ebay.com/search/?q=david&catidd=1  . . and modified the URL to pass any array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${ phpinfo() }}&catidd=1 Video Demonstration: But it is not clear at this moment that where the flaw resides on Ebay server, because how a static GET parameter can be converted to accept like an array
Thousands of websites based on Ruby on Rails vulnerable to Cookie Handling flaw

Thousands of websites based on Ruby on Rails vulnerable to Cookie Handling flaw

November 29, 2013Anonymous
Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails’s default cookie storage mechanism   CookieStore  are at risk. The vulnerability was actually reported two months ago, but still thousands of website are running a vulnerable version of Ruby on Rails that allows a malicious attacker to gain unauthorized access again and again without password, if someone manages to steal users' cookies via via cross site scripting or session sidejacking or with physical access.  More than 10,000 websites are vulnerable to Ruby on Rails's cookie storage mechanism flaw, but this vulnerability requires your user's session cookies to be compromised in the first place. Security researcher G.S. McNamara provided the details of the vulnerability in a blog post , he analyzed nearly 90,000 sites running specialized scripts and discovered 1,897 sites based on old versions of Ruby on Rails ( version 2.0 to ve
Hacker stole $100,000 from Users of California based ISP using SQL Injection

Hacker stole $100,000 from Users of California based ISP using SQL Injection

October 22, 2013Mohit Kumar
In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including  DDoS attack , SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on the web and is successful only when the web application is not sufficiently secured. Recently a hacking Group named ' TeamBerserk ' claimed on Twitter that, they have stolen $100,000 by leveraging user names and passwords taken from a California ISP Sebastian (Sebastiancorp.com)to access victims' bank accounts. A video proof was uploaded on the Internet, shows that how hackers used a SQL injection attack against the California ISP Sebastian to access their customers' database includes  e-mail addresses, user names and clear text passwords and then using the same data to steal money from those customers. Let's see what SQL Injection is and how ser
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers

Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers

September 09, 2013Mohit Kumar
Hackers are focusing on vulnerabilities in the PHP web application development platform threatening 80% websites in the world, including many big website i.e. Facebook and Wikipedia. PHP has several predefined variables that are called SuperGlobals i.e. POST, GET, COOKIES, FILES etc. Imperva Releases Hacker Intelligence Initiative Report , particularly concerned about two vulnerabilities that can be used to execute code on servers running PHP and fail to stop PHP SuperGlobal parameter variables being modified by external sources. Dubbed as  CVE-2011-2505 , describes a vulnerability in the authentication feature in PhpMyAdmin (PMA) that enables attackers to modify the  _SESSION  SuperGlobal variable. CVE-2010-3065 describes a problem in the PHP’s session serialization mechanism. By injecting malicious value into an internal variable using PHP's Superglobal mechanism, the attacker is able to change the application flow and execute arbitrary commands to take control over
Microsoft's Social network Yammer vulnerable to OAuth Bypass hack

Microsoft's Social network Yammer vulnerable to OAuth Bypass hack

August 04, 2013Mohit Kumar
Yammer , is the Enterprise Social Network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is a secure, private social network for your company. Yammer is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. Ateeq Khan,  Pakistani researcher from The Vulnerability Laboratory Research  team has discovered multiple critical Vulnerabilities in the Microsoft Yammer Social Network. An  OAuth bypass session token web vulnerability is detected in the official Microsoft Yammer Social Network online-service application. OAuth is an emerging authorization standard that is being adopted by a growing number of sites such as Twitter, Facebook, Google, Yahoo!, Netflix, Flickr, and several other Resource Providers and social networking sites. According to the advisory , The vulnerability allows remote attackers to bypass the token protecti
LinkedIn Clickjacking vulnerability tricks users to spam links

LinkedIn Clickjacking vulnerability tricks users to spam links

July 13, 2013Wang Wei
A Clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users for sharing and posting links on behalf of victim. Narendra Bhati(R00t Sh3ll), Security Analyst at Cyber Octet informed us about LinkedIn Bug.  Clickjacking , also referred as "User Interface redress attack" is one type of website hacking technique where an attack tricks a web user into clicking a button, a link or a picture, etc. that the web user did not intend to click, typically by overlaying the web page with an iframe. Flaw allows attacker to open LinkedIn page  https://www.linkedin.com/shareArticle? , used to share links and articles summary, in a hidden iframe. Proof of Concept:  1.) Semi Transparent Iframe Layers : 2.) Fully activated page with zero Transparency ifarme: Video Demonstration: Many countermeasures have been described that help web users protect against clickjacking attacks. X-FRAME-OPTIONS is a browser-based defense method. In order to bring the X-FR
Vulnerability in Whatsapp messenger media server

Vulnerability in Whatsapp messenger media server

June 12, 2013Mohit Kumar
If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform messaging app, WhatsApp. According to a whitehat hacker Mohammed Saeed , Whatsapp media server ( media.whatsapp.com ) interface was vulnerable to Traversal local file inclusion. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. Flaw allowed hacker to gather usernames via an " /etc/passwd " file and also another sensitive files like log files i.e   "/apache/logs/error.log" or " /apache/logs/access.log ". Flaw was reported by Mohammed with proof of conpect to Whatsapp security team on 27th May and was addressed this week. If you are also penetration tester and have something buggy that can help Whatsapp team to make there service more secure, feel free to contact them at  support@whatsapp.com .
Drupal resets 1 Million Passwords after Data Breach

Drupal resets 1 Million Passwords after Data Breach

May 31, 2013Anonymous
A Drupal data breach was announced by the official Drupal Association, that Passwords for almost one million accounts on the Drupal.org website are being reset after hackers gained unauthorized access to sensitive user data. The security of the open source content management system has been compromised via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. As countermeasure it is resetting the passwords for nearly one million accounts in the wake of a data breach . Information exposed includes usernames, email addresses, and country information, as well as hashed passwords . The Drupal.org hasn't revealed the name of the third-party application exploited during the attack. Evidence of the Drupal data breach was found during a routine security audit: “ Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security i
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

May 29, 2013Mohit Kumar
ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity developers team recently fixed a vulnerability ( CVE-2013-2765 ) which could be exploited by attackers to crash the firewall . The vulnerability is caused due to an error when processing the " forceRequestBodyVariable " action and can be exploited to cause a NULL pointer dereference via specially crafted HTTP requests.  Flaw was reported by Younes Jaaidi, according to him an attacker can exploit this issue using a web browser. He also released an Exploit for this flaw, which is publicly available at  Github  for download. Through the program to upgrade to version 2.7.4 fixes this problem, this version also fixes some minor bug and lib injection used to identify SQL injection attacks, while the development team also announced its portable version of Nginx has
SSH Backdoor accounts in multiple Barracuda Products

SSH Backdoor accounts in multiple Barracuda Products

January 26, 2013Mohit Kumar
Firewall, VPN and spam filtering products from Barracuda Networks contains hidden hard coded backdoor ed SSH accounts, that allow any hacker to remotely log in and root access sensitive information. According to an advisory published by Stefan Viehböck of SEC Consult Vulnerability Lab reported the vulnerabilities in default firewall configuration and default user accounts on the unit. Barracuda were informed of the vulnerabilities at the end of November. All Barracuda Networks appliances with the exception of the Barracuda Backup Server, Barracuda Firewall, and Barracuda NG Firewall are potentially affected i.e Barracuda Spam and Virus Firewall, Barracuda Web Filter, Barracuda Message Archiver, Barracuda Web Application Firewall, Barracuda Link Balancer, Barracuda Load Balancer, Barracuda SSL VPN, CudaTel. Barracuda recommended that all customers immediately update their Barracuda security definitions to v2.0.5, ensure the products' security definitions are set to o
NASA 'Space your Face' domain hacked

NASA 'Space your Face' domain hacked

January 07, 2013Wang Wei
Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name " p0ison-r00t " deface a sub domain of NASA ( http://spaceyourface.nasa.gov/ ). The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by ' The Hacker News '. We contact hacker to know more about the hack, on asking How ? Hacker said," I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server ". Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here . Mirror of hack also available on Zone-h .
How to Minimize Web Application Security Risk !

How to Minimize Web Application Security Risk !

October 19, 2012Mohit Kumar
With Web applications remaining a popular target for attackers, Web app security sometimes seems like a digital version of the " Good, the Bad and the Ugly ." Vulnerabilities in web applications are now the largest vector of enterprise security attacks. Web application security is much more challenging than infrastructure. The top Web application vulnerabilities occur and re-occur time and again. Items such as Cross Site Scripting (XSS), SQL Injection (SQLi) and file inclusion are common vulnerabilities and show up frequently. In his view, the majority of Web application security problems can be solved by applying well known security technology approaches. According to survey results, only 51 percent of organizations currently have coders conduct security testing, and only 40 percent of organizations report they test during development. Vulnerabilities like these fall often outside the traditional expertise of network security managers. To help you understand h
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.