CVE-2016-3978 Open Redirect & XSS in FortiOS (Fortinet)

Introduction Some months ago, I reported to the Fortinet PSIRT team two vulnerabilities which affect different Fortigate firmware versions.  You probably know that "Fortinet is a leading provider of fast and secure cyber security solutions offers enterprise-level next generation firewalls and vast array of network security products." As...

Read More

A Network Traffic Analysis Exercise

Network forensics is something we should practice as much as possible to become faster at detecting supicious activies in our networks. This website http://malware-traffic-analysis.net/ shares network traffic captures where we can find different kinds of infections and malicious activies. I find these examples quite good to improve our skills to find...

Read More

CVE-2014-9218 phpMyAdmin DoS Proof of Concept

Assuming that time enough has happened since the security update was released by phpMyAdmin, we want to share our researches. As you already know, we believe in Responsible Disclosure and that is the reason why we didn't publish this post before. You can read the vulnerability details in the previous blog post. In this one, we show you  the way to exploit it. 1 - Create the payload. $ echo -n "pma_username=xxxxxxxx&pma_password=" > payload && printf "%s" {1..1000000} >> payload 2 - Performing the Denial of Service...

Read More

When cookies lead to a DoS in phpMyAdmin CVE-2014-9218

Introduction "phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL, MariaDB and Drizzle. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface,...

Read More

CVE-2014-9016 and CVE-2014-9034 Proof of Concept

Assuming that time enough has happened since the security update was released by Wordpress and Drupal, we want to share our researches. As you already know, we believe in Responsible Disclosure and that is the reason why we didn't publish this post before. Set Quality to 720p Drupal Denial of Service CVE-2014-9016 Generate a pyaload and try with a non-valid user: $ echo -n "name=NO-VALID-USER&pass=" > no_valid_user_payload && printf "%s" {1..1000000} >> no_valid_user_payload && echo -n "&op=Log in&form_id=user_login"...

Read More