Websec Cybersecurity Blog
Expert insights, trends, research findings, and best practices from our security team to help you strengthen your organization's security posture.
Detecting and exploiting vulnerable PHP-CGI applications
A critical vulnerability affecting PHP applications which use the CGI interprerter was published which allows attackers to view the source code and execute code remotely.
Bypassing Web Application Firewalls with SQLMap Tamper Scripts
An introduction to SQLMap's new tamper scripts and how they can be used to bypass Web Application Firewalls and Intrusion Detection Systems.
Optimized Blind MySQL Injection Data Retrieval
Demonstrates a method to extract data from a MySQL database using blind injection in fewer requests than currently known techniques such as the Bisection and Bit Shift method.
mac2wepkey - Huawei default WEP generator
Huawei HG520 and HG530 routers are vulnerable to weak cipher attacks. It is possible to generate the default WEP/WPA key. The purpose of this post is to explain the process of developing a key generator for these devices.
Attacking Linksys WRT160N router using the "URL Obfuscation in Frames" bug
Using the "URL Obfuscation in Frames" bug to enable remote administration on a Linksys WRT160N router
Do not trust your browser's status bar
Many people rely on the status bar for checking the destination of links, but it has been proven before that it is easy to falsify.