XSS in WordPress via open embed auto discovery

Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …

IT infrastructure reconnaissance – part 1 (Google hacking)

The basis of web application or infrastructure security tests is a reconnaissance, i.e. the collection of all subdomains, IP addresses, and other publicly available information. It is a good practice to use several tools simultaneously during the reconnaissance, which of course, will greatly increase the effectiveness of this testing phase – information omitted by one …

Single Code Line CCTV Camera Takeover – One Can Record Audio/Video/Have Access to Recordings

I have already presented this subject twice, but there was no information on the topic until now. The Ganzsecurity ZN-DNT352XE-MIR camera is worth about 5000 PLN. Securitum provides solutions to organisations such as NY Police, FBI, Spawar Command (NAVY), or prisons. The camera can also be found also as CCTV. All information presented in this …

Description of CVE-2018-0296 vulnerability – bypassing authorization in Cisco ASA web interface.

In this text we describe CVE-2018-0296 error concerning Cisco ASA devices, publicized 6th of June by Cisco. Officially, vulnerability was classified as Denial Of Service, although our report concerned a different type of error. More details below. A word of introduction:Cisco ASA device (Adaptive Security Appliance) is very popular and is often a part of …

How to take over the CCTV camera

This time, we take a look at the camera Ganz Security – model ZN-M2F (price is about $650). We were able to get root privileges without authentication. Ganz Security? This is a company known in the West: The Ganz brand is currently used by more than 100,000 businesses and research and development institutions in the …

What is Path Traversal vulnerability?

Path Traversal attacks are performed when the vulnerable application allows uncontrolled access to files and directories, to which the user should not usually have access. The attack vector is the parameters passed on the application, representing paths to resources, on which specific operations are to be performed – reading, writing, listing the contents of the …

Security problems of Apache Cordova – steal the entire contents of the phone’s memory card with one XSS

There are many different technologies available on the mobile market that allow you to create applications. One of them – Apache Cordova – allows you to write applications in JavaScript and HTML. Applications created in this way are easy to distribute, and their operation does not differ from native applications written in Java or C. …