Author Archives Sven Morgenroth

String concatenation and format string vulnerabilities are a problem in many programming languages. This blog post explains the basics of string concatenation and insecure string concatenation functions in C. It then examines format string vulnerabilities, how they appear in different web applications, and their relation to XSS vulnerabilities. Read More

This blog post introduces the Domain Name System and what happens when a browser issues a DNS request. It then explains the technical basics of its successor, DNS Over HTTPS (DoH), why it is unavailable on your Android phone and how to circumvent this. Finally, it examines whether it enhances security and privacy, and how to disable it. Read More

This article provides an introduction to PHP Type Juggling Vulnerabilities and loosely typed code and type comparisons, and how to avoid or fix them. Read More

This article introduces Server Side Templates and explains why and how they can be susceptible to Server-Side Template Injection vulnerabilities. It includes examples of HTML, PHP and CSS code and concludes with a list of recommendations on how to protect your web applications from attacks that exploit SSTI vulnerabilities. Read More

Our researcher, Sven Morgenroth, explains how he found an Authentication Bypass in CMS Made Simple, what PHP Type Juggling is, and why you should never use the unserialize function together with user-supplied input. Read More

Unserialize is a PHP function that, while often classified as a security risk, is seldom defined. This article explains the vulnerability and contains a PHP Classes Crash Course that includes properties and 'magic methods'. It uses examples to illustrate the basic concepts of Deserialization, PHP Object Injection and Class Autoloading in PHP. Read More

This article provides a short introduction to Article 32 of the General Data Protection Regulation (GDPR), the latest EU regulation which deals with the security of Personal Data Processing. It also includes some practical suggestions for keeping organizations' personal data secure. Read More

Application level Denial of Service attacks are designed to render systems unresponsive, denying the services for users. They are notoriously difficult to detect & prevent and underestimated. This comprehensive guide explains how to identify and remove the conditions necessary for DoS attacks. Read More

This article provides an introduction to the Second-Order Remote File Inclusion (RFI) vulnerability, with an example, and explains how Netsparker can detect it. Read More

A detailed report detailing about Equifax was hacked, including quotes from David Hoyt, the security researcher who identified and reported vulnerabilities on the Equifax website months before the data breach happened. Read More

If you missed Blackhat and Def Con this year do not worry. Our security researcher Sven Morgenroth has just compiled a list of the best talks that took place during this year's conferences in Las Vegas. Read More

A detailed explanation with examples of how malicious hackers can attack vulnerable web applications typically running on developers computers to bypass firewalls and hack other web applications on the local network. Read More

This detailed article explains how you can use the Collision Based Hashing Algorithm Disclosure method to check if the target web application uses the weak SHA-1 hashing algorithm to hash the users' passwords. Read More

This article explains how both the heuristic and signature based web application security scanners work. It also explains the pros and cons of both types of scanners. Read More

This article explains in details the various vulnerabilities Netsparker’s security researchers identified in CubeCart, an open source ecommerce solution. Read More

This article explains how I was able to exploit a command injection vulnerability in my Smart TV and use Netcat to gain remote shell access on the TV set. Read More

The SQL Injection vulnerability allows malicious hackers to inject arbitrary code in SQL queries, thus being able to directly retrieve and alter data stored in a website's database. Read More

This article looks into the details of how malicious hackers can exploit a number of missing function level access control vulnerabilities to take over an installation of Maian Support Helpdesk, a web application developed in php. Read More

This article explains in detail how the Netsparker web application security scanner uses the Netsparker Hawk vulnerability testing infrastructure to identify Server Side Request Forgery, blind, async and second order web application vulnerabilities. Read More

This article explains how attackers can use the XSHM attack to identify WordPress websites running on internal networks and behind firewalls, and also launch a login bruteforce attack against them. Read More