New OWASP WebGoat movies

By YGN Ethical Hacker Group - 

We have added the following movies to our OWASP WebGoat page in accordance with the latest version 5.4 - http://yehg.net/lab/pr0js/training/webgoat.php :

- CSRF Prompt By-Pass
- CSRF Token By-Pass
- Off-by-One Buffer Overflow
- Blind Numeric SQL Injection
- Modify Data with SQL Injection
- Add Data with SQL Injection


Enjoy Haxing WebGoat! 























































Popular posts from this blog









CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities







By


YGN Ethical Hacker Group



-















 1. OVERVIEW   CubeCart 3.0.20 and lower versions are vulnerable to Cross Site Scripting.    2. BACKGROUND   CubeCart is an "out of the box" ecommerce shopping cart software  solution which has been written to run on servers that have PHP &  MySQL support. With CubeCart you can quickly setup a powerful online  store which can be used to sell digital or tangible products to new  and existing customers all over the world.    3. VULNERABILITY DESCRIPTION   Multiple parameters are not properly sanitized, which allows attacker  to conduct Cross Site Scripting attack. This may allow an attacker to  create a specially crafted URL that would execute arbitrary script  code in a victim's browser.    4. VERSIONS AFFECTED   3.0.20 and lower (aka 3.0.x family)    5. Affected URLs and Parameters   /admin/adminusers/permissions.php  (adminId parameter)  /admin/categories/index.php  (cat_name parameter)  /admin/categories/languages.php  (cat_master_id parameter)  /admin/customers/  (...








Read more











Elgg 1.7.10 <= | Multiple Vulnerabilities







By


YGN Ethical Hacker Group



-















1. OVERVIEW
 
 The Elgg 1.7.10 and lower versions are vulnerable to Cross Site Scripting and SQL Injection.
 
 
 2. BACKGROUND
 
 Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World Bank, UNESCO, NASA, Stanford University, Johns Hopkins University and more (http://elgg.org/powering.php)
 
 
 3. VULNERABILITY DESCRIPTION
 
 The "internalname" parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. The "tag_names" is not properly sanitized, which allows attacker to conduct SQL Injection att...








Read more