Eric Romang Blog

aka wow on ZATAZ.com

Tagged with LFI

EDB-ID-15130 : Barracuda Networks Spam & Virus Firewall LFI extended to more products

On 10/09/2010, Tiago Ferreira submitted a new HTTP scanner auxiliary module, "barracuda_directory_traversal", to the Metasploit team, which was added to the Metasploit Framework SVN. Interested in this new scanner, I decided to take a look at the initial linked references (OSVDB 68301 / SA41609 … Continue reading →
20/10/2010 Leave a reply

Joomla Local File Inclusion exploits attempts under monitoring

As discussed in a previous post, Local File Inclusion (LFI) exploits are increasing. The major driver of this increasing activity is Joomla, its daily vulnerabilities and the integration of LFI dorks into RFI scanners :) We invite you to follow all the Joomla LFI exploit attempts on our … Continue reading →
12/07/2010 Leave a reply

Local File Inclusion attempts on the rise

There is no new day without a Joomla Local File Inclusion (LFI) vulnerability. Just take a look at Exploit-DB, Inj3ct0r or Hack0wn and you will find thousands of Joomla components vulnerable to this vulnerability. For many years, security researchers have written studies on this vulnerability, … Continue reading →
28/06/2010 Leave a reply

Analysis of Joomla wgPicasa component LFI source IPs

In a previous post, we saw that the Joomla wgPicasa component LFI exploit was used more than other LFI exploits. I was interested to see if the source IPs of this particular LFI attack were involved in other attacks and integrated into bigger botnets. First of all, since 15 April 2010, … Continue reading →
26/05/2010 Leave a reply

Joomla wgPicasa component Local File Inclusion is in the hype

On 14 April 2010, Antisecurity released a Joomla wgPicasa Component Local File Inclusion (LFI) exploit, published on Exploit Database as EDB-ID 12230. To attract the "bad guys" who will use this exploit, we published on 15 April a news item containing, in the URL and the content of the news, some … Continue reading →
19/05/2010 1 Reply