Author: Oliveira Lima

Authenticated SQL Injection in Centreon 3.4.x

I found the SQL Injection in the “searchH” POST parameter.

Path traversal in 3cx

We constantly choose some well-known apps to take a closer look at here in the lab. Besides the learning factor, we take joy in attacking and observing different platforms. 3CX was the target this time. 3CX is an open source

Backdoor D-Link DIR-615

I looked over and saw my D-Link DIR-615 router and thought to myself – “Why not!?” Let’s quickly analyze: Router Model: This particular model doesn’t have Telnet enabled by default. So, I’ve enabled Telnet and logged in. When

Backdoor access on the D-Link DIR-615.

On a Sunday afternoon, after reading a few posts on the internet, among them one by my friend Victor Pasknel in which he found a backdoor user on the Kross KP8696X router, I looked over and saw my D-Link DIR-615 router

ForgeRock persistent and reflected Cross Site Scripting (XSS)

Cross Site Scripting (XSS)

Product: OpenIDM
Affected versions: 4.0.0, 4.5.0
Fixed versions:
Component: Admin UI
Severity: Medium

Description: OpenIDM is vulnerable to both persistent and reflected cross-site scripting (XSS) attacks within the Admin UI, which could lead to session hijacking or phishing. Report